Keyservers and GDPR
Niels Dettenbach (Syndicat IT & Internet)
nd at syndicat.com
Wed May 23 07:27:34 CEST 2018
Am 22. Mai 2018 21:44:09 MESZ schrieb Vincent Breitmoser <look at my.amazin.horse>:
>Now, since the PII that is uploaded is not used to fulfill contractual
I'm not a lawyer, but i see this vice versa.
Users upload their keys for the purpose of their usage in the "web of trust" and expect their availability (storage, processing)there for this.
A contract with the server owner/admin IS emerged with the transfer of the data in the conventional keyserver protocol without any further "written" contract.
Extended, written explicite order is required if the keyserver (their owner) want to use that data for other purposes, not covered by the specs.
This is my view. But clearifying this needs a good las expert with a good understanding in the specs and the whole process.
just my two cents.
Syndicat IT & Internet
More information about the Gnupg-devel