Keyservers and GDPR

Patrick Brunschwig patrick at
Wed May 23 11:07:10 CEST 2018

On 22.05.18 21:44, Vincent Breitmoser wrote:
> My personal conclusion is that keyservers that support user id packets are,
> quite simply, incompatible with GDPR law. Has anyone else thought about this?
> It's fairly unlikely that there will be actual consequences since keyservers
> aren't widely used, but running a keyserver on this assumption is hardly
> reassuring.

There are actually two different types of keyservers, which should be
clearly distinguished.

1. the pool of SKS keyservers: as anyone can upload anybody's key, and
as it does not allow to delete keys, it's IMHO by not compatible with GDPR.

2. other types of keyservers like the run by Mailvelope (and possibly
others that I don't know of), that verify the keys they receive and
allow to delete keys, are compatible with GDPR, or can be made
compatible easily.


More information about the Gnupg-devel mailing list