Hi all,
sorry for stepping in as I am not working on this topic, but following the GDPA story for longer time I never read that we could simply prompt and agree with the terms ofÂ
the authority hosting the information of the public key.
The date and signature and probably reference to a
version
of the agreement can be added to the key and it won't be much of overhead. Isn't it more simple? Of course one should take care how the key servers exchange information in a secure way, but
IMO
on the surface it is a matter of an agreement between the person and the authority hosting the information of the public key. As Tobias Mueller was writing, it is all about handling personal information with care and not about fines. Of course all of this should stand in court as well, because there are many lawyers and companies that make money by legally blackmailing business entities that down not comply to GDPA.
regards