keys require a user-id
wk at gnupg.org
Wed May 20 18:07:35 CEST 2020
On Tue, 19 May 2020 10:29, Robert J. Hansen said:
> * PII-free UIDs are possible today
Well, according to European law this is not that easy because a public
key is in most cases an attribute which identifies a natural person.
This is the same as with phone numbers and mail addresses. In Germany
even dynamically assigned IP addresses are attributes which can be used
to identify a person and thus are subject to GDPR.
OTOH, the GDPR does not forbid the use of this data, there are just
rules on how they can be used. WP describes the basic rules as:
Unless a data subject has provided informed consent to data processing
for one or more purposes, personal data may not be processed unless
there is at least one legal basis to do so. Article 6 states the
lawful purposes are:
(a) If the data subject has given consent to the processing of his or
her personal data;
(b) To fulfill contractual obligations with a data subject, or for
tasks at the request of a data subject who is in the process of
entering into a contract;
(c) To comply with a data controller's legal obligations;
(d) To protect the vital interests of a data subject or another
(e) To perform a task in the public interest or in official authority;
(f) For the legitimate interests of a data controller or a third
party, unless these interests are overridden by interests of the
data subject or her or his rights according to the Charter of
Fundamental Rights (especially in the case of children).
IMHO, point d covers the case of distributing and using a public key for
the purpose of securing the communication with the data subject. The
key may of course not be used for any other purpose (i.e. tracking
behaviour etc). Hacker be aware, the lay is not a machine, it works
different than we tend to assume.
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 227 bytes
Desc: not available
More information about the Gnupg-users