1.5 KiB
This section points out areas that I believe to effect PGP key-severs
All information here is taken from the GDPR its self.
Section 59 highlights the requirements for those processing personal data to have mechanisms in place to allow them to comply with the GDPR. Currently no such mechanisms exist in current key-servers specificly the SKS key-servers.
(59) Modalities should be provided for facilitating the exercise of the data subject's rights under this Regulation, including mechanisms to request and, if applicable, obtain, free of charge, in particular, access to and rectification or erasure of personal data and the exercise of the right to object. The controller should also provide means for requests to be made electronically, especially where personal data are processed by electronic means. The controller should be obliged to respond to requests from the data subject without undue delay and at the latest within one month and to give reasons where the controller does not intend to comply with any such requests.
Article 17 (Right to eraseure('right to be forgotten'))
sections 1(b)/2 - the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2), and where there is no other legal ground for the processing;
1(d) -the personal data have been unlawfully processed;
Article 7(3) (Conditions for consent)
[The data subject shall have the right to withdraw his or her consent at any time.....It shall be as easy to withdraw as to give consent.]