Preventing public key upload to key-servers

Ángel angel at
Sun Jan 30 01:13:34 CET 2022

On 2022-01-28 at 20:43 -0700, jonkomer wrote:
> > When the keyserer operator operates outside
> > of the EU I don't think that is a legal problem.
> If an individual that requests his personal information is
> removed (i.e., the "right to be forgotten") is EU resident,
> GDPR applies regardless of the jurisdiction in which the
> information server is located.
> Jon K.

Not really. If an EU resident is travelling on nonEUland, the GDPR
wouldn't apply. And it protect as well an noneulander which was only
temporarily on EU.

In order for the GDPR to apply to a company (controller/processor) not
established in the EU, the people whose data is being processed must be
in the EU (irrespective of whether they are a resident or staying for a
couple of days) and the company would need to be:
a) offering of goods or services (even if it's for free) to such people
in the Union; or
b) monitoring their behavior (which takes place in the Union)

See article 3 for the details:

Best regards

More information about the Gnupg-users mailing list