Re: [Sks-devel] Implications of GDPR

On Sun, 29 Apr 2018, 19:04 Ari Trachtenberg, wrote: > > On Apr 29, 2018, at 12:20 PM, Moritz Wirth wrote: > > > The last thing is about data protection - I am pretty sure the data in the > reconciliation process is not encrypted (which would be useless for

Re: [Sks-devel] Implications of GDPR

> On Apr 29, 2018, at 12:20 PM, Moritz Wirth wrote: > The last thing is about data protection - I am pretty sure the data in the > reconciliation process is not encrypted (which would be useless for public > data) but may also be required for data exchanges by GDPR - the same

Re: [Sks-devel] Implications of GDPR

That does not solve the problem with the data deletion - the key id can be tracked to a person and would be therefore considered as personal Information so you would be still required to delete the key id itself. The other big problem is the data sharing over reconciliation and other methods -

Re: [Sks-devel] Implications of GDPR

Moritz Wirth wrote: > Given the fact that it is not possible to delete data from a keyserver Of course this is possible. You can delete key by using the "sks drop " command. Now, if I understand it correctly the key will immediately be re-added because of gossiping keyservers. However, it would

Re: [Sks-devel] Implications of GDPR

Hi Moritz, My understanding is that the section you quoted on the "right to be forgotten" refers to the controller's (i.e. your) obligation to inform _other_ controllers processing the data (in this case: other keyserver operators who, through gossip, have a "copy or replication" of the personal

Re: [Sks-devel] Implications of GDPR

My short response to all of that is: "meh". Less briefly: Technically, I think you're right. The whole keyserver system doesn't appear to work at all against GDPR. But equally, a _system_ like ours doesn't seem a very likely target of any regulators. The law was mostly envisioned to keep

Re: [Sks-devel] Implications of GDPR

Hi Fabian, first of all, I am not a lawyer so you should not rely on my response as it may be wrong :) - The GDPR applies to all persons and companies who are located in the EU or offering goods, services or who monitor the behavior of EU data subjects - this means that all keyservers are

[Sks-devel] Implications of GDPR

So, As I understand it, GDPR concerns all EU citizen users of a site, regardless of where the site is hosted. How does this affect keyservers? I've seen at least one server going offline due to it. Should I be concerned as an American keyserver host? -- Fabian A. Santiago OpenPGP: