Hai!
After receiving a bunch of alerts, I learned that today dnsbl.inps.de
<http://dnsbl.inps.de>, dnswl.inps.de <http://dnswl.inps.de> were terminated.
If IP addresses are considered personal data that can be removed under GDPR,
then DNSBL are doomed. Perhaps a mail server IP is not to be considered
personal data, because of the public function it carries out (in some countries
you cannot even get a fixed IP without a VAT number.) IP addresses used for
personal navigation, such as those in Spamhaus PBL, are not constant, hence not
personally identifiable information.
If you combine it with other datasets it might very well be very much
identifiable. (But thats a different discussion i think)
One of the issues is that many people explain GDPR in different ways.
Some TLD operators even say 'their zonefile is considered as material
under GDPR' but still they publish a list via DNS ;)
There are also exempts inside the GDPR that allow analytics and such. Or
parts that are specificly there to support research.
I am definately not a GDPR expert but its not that black and white i am
afraid.
Thanks! Raymond
_______________________________________________
mailop mailing list
[email protected]
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
