Keyservers and GDPR

Niels Dettenbach (Syndicat IT & Internet) nd at
Wed May 23 07:27:34 CEST 2018

Am 22. Mai 2018 21:44:09 MESZ schrieb Vincent Breitmoser <look at>:
>Now, since the PII that is uploaded is not used to fulfill contractual

I'm not a lawyer, but i see this vice versa. 

Users upload their keys for the purpose of their usage in the "web of trust" and expect their availability (storage, processing)there for this. 

A contract with the server owner/admin IS emerged with the transfer of the data in the conventional keyserver protocol without any further "written" contract.

Extended, written explicite order is required if the keyserver (their owner) want to use that data for other purposes, not covered by the specs.

This is my view. But clearifying this needs a good las expert with a good understanding in the specs and the whole process.

just my two cents.


Niels Dettenbach
Syndicat IT & Internet

More information about the Gnupg-devel mailing list