keyserver-fs/GDPR.md
2019-02-19 19:36:12 +01:00

This section points out areas that I believe affect SKS-keyservers.

Anyone is welcome to contribute to this document as long as contributions are not baseless opinions; you must have valid points that can be backed up with sections of the GDPR or the Data Protection Act.

All information here is taken from the GDPR itself.

Article 24(1) highlights the requirements for those processing personal data to have mechanisms in place to allow them to comply with the GDPR.

(59) Modalities should be provided for facilitating the exercise of the data subject's rights under this Regulation, including mechanisms to request and, if applicable, obtain, free of charge, in particular, access to and rectification or erasure of personal data and the exercise of the right to object. The controller should also provide means for requests to be made electronically, especially where personal data are processed by electronic means. The controller should be obliged to respond to requests from the data subject without undue delay and at the latest within one month and to give reasons where the controller does not intend to comply with any such requests.

Article 25's title explains everything well (Data protection by design and by default).

I think Article 26 points out something interesting, "Joint Controllers". I think technically since all key servers sync together with new subject data and there is a collaboration with most servers in one way or another. (1) - "They shall in a transparent manner determine their respective responsibilities for compliance with the obligations under this Regulation"

Currently no such mechanisms exist in current key-servers, specifically the SKS key-servers.

Article 17 (Right to erasure ('right to be forgotten'))

sections 1(b)/2 - the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2), and where there is no other legal ground for the processing;

1(d) - the personal data have been unlawfully processed;

Article 7(3) (Conditions for consent)
[The data subject shall have the right to withdraw his or her consent at any time. ... It shall be as easy to withdraw as to give consent.]