First Amendment and Marines?

Mauricio Tavares raubvogel at gmail.com
Sat Jan 29 22:29:31 CET 2022 

On Sat, Jan 29, 2022 at 12:59 PM Robert J. Hansen via Gnupg-users
<gnupg-users at gnupg.org> wrote:
>
> > I was simply trying to help an organization
> > that is, for *their own good business reasons* very much
> > motivated to adhere to GDPR, use existing IT infrastructure
> > to move to a more secure method of communication.
>
> And, for those people and businesses who have to do business with the
> EU, the GDPR is worth complying with even when it's not strictly
> enforceable.  For instance, United States airline companies that fly
> into the EU voluntarily comply with the GDPR for EU citizens flying
> within the United States, because if they don't they might find their
> access to European airports restricted.
>
> But if you're an American without EU ties, the GDPR is yet another piece
> of foreign legislation we don't need to pay attention to.  And when

      Not quite. It cares about personal data from people residing in
Europe at the time said data was collected. And even then, you need to
be targeting EU/EEA residents. So, if a German citizen goes to FL and
needs to stop at the emergency care to have a shark bite taken care
of, that data now is owned by the hospital forever, which will figure
out how to make money with it without asking permission.

> Europeans baldly say "the GDPR applies worldwide, you must follow it,"
> what we hear is "the EU overrides your silly Constitution."

      One can argue that the US has done the same. Some of it -- if
you want to do business in the US, you better follow American rules --
makes sense though, but we are difressing here.

> At which point we tell you to have that argument with the Marines,
> please.  That position you're pushing is a thoroughly silly one, and it
> deserves to be called out as such.
>
> I don't hate you.  I don't dislike you.  I don't hold you in contempt.
> In fact, I don't even *know* you.  You said something many Americans
> find very silly, and we laughed.  That's all that happened.  :)
>
> > (a) Unfortunately, OpenPG email encryption is incompatible
> > with GDPR and should not be used by those that either want
> > or need to be GDPR compliant.
>
> No, it's quite possible to be GDPR compliant, as evidenced by the fact
> the German government has adopted it.  I'm pretty sure the German
> government has a number of lawyers specializing in EU regulation, and
> they're fine with it.
>
      I not only agree but also would add that The Bundesamt für
Sicherheit in der Informationstechnik (German Federal Office for
Information Security) itself, which handles computer and communication
security -- critical infrastructure protection, internet security,
certification of security products -- for the German government, uses
it. Badly at times[1], but that is another bag of cats.

> Perhaps you might want to ask, "how is the German government complying
> with GDPR?"
>
      Better than the Irish government, but once again I digress.

> > (c) GPG and OpenPG appear to be very much US-centric
> > endevours.
>
> It's not.

      I agree. Given that it is open source, you can run your own
setup completely independently, including web of trust. Therefore, you
can control data lifetime.

[1] https://www.somethingofdoom.com/2021/11/german-federal-office-for-information.html

More information about the Gnupg-users mailing list