Keyservers and GDPR

Marcel Fest marcelf at selfnet.de
Wed May 23 10:29:10 CEST 2018


>> My personal conclusion is that keyservers that support user id packets are,
>> quite simply, incompatible with GDPR law. Has anyone else thought about
>> this?
> thinking about earlier data privacy laws (which were quite similiar to GDPR in 
> many respects) and pubkey servers got me to no clear conclusion.
>
>> For OpenKeychain, we plan to move uploading of key material a bit farther
>> out of the way and do a better job at informing the user what's going to
>> happen.
> If our goal is to automate the common case in an end-to-end crypto
> mail communication, then asking the user a data privacy agreement question
> is a stumbling block. I would degrate the user experience a lot.

What about keys uploaded by a third party without the consent
of the person concerned with his name and email addresses.

Best Regards

Marcel Fest

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20180523/8e484d0d/attachment.sig>


More information about the Gnupg-devel mailing list