|
From: | Klaus-Uwe (Kumi) Mitterer |
Subject: | Re: ... GDPR takedown request |
Date: | Tue, 14 Jun 2022 22:01:00 +0200 |
User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.10.0 |
Hi all,Just my personal legal opinion, but I don't think that they are required to actually control those keys, only to demonstrate that they are the person whose personal data is included the keys' user IDs.
Just imagine if *I* uploaded a key with a user ID containing *your* name, street address, date of birth and social security number. Now you might (rightly, in my opinion) want this key removed, because it contains sensitive data about you - by your logic, other keyserver operators wouldn't have to delete that key, because you – obviously – can't read and respond to their encrypted mail, even if you can proof to them that it's your data (by producing documents, qualified signatures, etc.). I don't think that's how the GDPR works, or responsible handling of personal data regardless of legal requirements.
And I think it was said before in this discussion, but disclosing their name on a public mailing list might not be the best of ideas either...
Best On 14.06.22 21:37, Kiss Gabor (Bitman) wrote:
IMHO Mr. [...] must show some evidence first about the key to delete belongs to him. Otherwise any impostor can make delete other guys' key.I thought the same thing and asked him (privately) to resend his request in a PGP-signed email, which he did, so this is legit.Gee. I'm also found by the alleged [...] who wants me to delete not less than 16 public keys even if keys.niif.hu is down for a year or two. I hope he possesses all the secret keys because he has to read 16 encrypted mails soon... Gabor
[Prev in Thread] | Current Thread | [Next in Thread] |