Re: anonymify a PGP key legally correctly // Re: ... GDPR takedown request

[Steffen Kaiser]

On 15.06.22 13:42, Gabor Kiss wrote:
> On Wed, 15 Jun 2022, Steffen Kaiser wrote:
> 
>> The problem is that the entity processing the data (e.g. stores them) is
>> responsible for deletion the possbility to connect the data to a person.
>> Actually, I don't know in which way one has to prove the act *legally*
>> (aka to be accepted in court); but one is responsible to make the data
>> unable to be connected to a person. IMHO it would be enough to strip any
> 
> Ths question is: which person?
> Several peoples may have identical name.

There is just one person using a particular email address, though.
As you say, a mere name, esp. common ones, are more a pseudonym.

> At least 3 different "Gabor Kiss"-es uploaded their keys to the key servers.
> Assuming one of them wants to delete all "Gabor Kiss" keys, should I
> remove even the mines? This is absurd.
> 
> I think if someone cannot show any evidence - aside the matching name -
> about the key or e-mail address belongs to him/her then the record
> cannot be connected to him/her. The case can be regarded as
> attempt of identity theft.

I do think so.

>> person-identifying information (the uid's  alone ??) from a PGP key.
> 
> This is impossible. The record will be corrupted. On the other hand
> a public key without personal information is useless.

openPGP did so with my key, which I did not uploaded there.

https://keys.openpgp.org/search?q=5119CB3603B258AAC1EBA7A723A371DE9ABC764F

It can be used to validate my signature, if the key is not known,
though, without any trust level. Once known, that blank key can be
associated to the email contact. I thought this is the way Thunderbird
is working now.

>> To delete the data is just one way to make it un-connectable.
> 
> No. This is the only way.
> There is no problem with this unless somebody tries to delete
> other peoples' keys.
> 
> Gabor
> 


-- 
Steffen

signature.asc
Description: OpenPGP digital signature