Re: ... GDPR takedown request

sks-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ... GDPR takedown request

From:	Iñaki Arenaza
Subject:	Re: ... GDPR takedown request
Date:	Tue, 14 Jun 2022 22:57:02 +0200
User-agent:	Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux)

On mar, jun 14 2022, Gabor Kiss wrote:

> On Tue, 14 Jun 2022, Klaus-Uwe (Kumi) Mitterer wrote:
>
>> Just my personal legal opinion, but I don't think that they are required to
>> actually control those keys, only to demonstrate that they are the person
>> whose personal data is included the keys' user IDs.
>
> Google gives several hits for "Luis Puerto". This seems to be a
> quite common name (just like mine :).
> How to figure out if a given record contains name of the
> "real" Puerto and not an other's?
>
> What if I get crazy and I want all "Gabor Kiss" records to be deleted?
> Do you simply believe without any proof that all records with this
> name belong to me?

Just a small comment to note that the person in question also contacted
me (as the operator of keyserver.escomposlinux.org).

I asked for proof of identity in a way that I could verify. He answered
that in addition to controlling all of the secret keys (and having the
willingness to prove it), he could also use a digital certificate system
that is operated by the government and legally binding in my
country[1][2] (both of us are Spanish citizens). 

And at my request, he has digitally signed a document -produced by me-
with that digital certificate. I have verified the signature using one
of the government services for signature verification, and the signature
is good. And the certificate details match those provided by the person
in question.

So as far as I'm concerned, this is a request from the legitimate owner
of the PII data present in those keys. And I have removed them from my
HockeyPuck server (and blacklisted so they don't get re-introduced).

But don't take my word for it, and do your own verification!

Best regards,

Iñaki.

[1] It's one of the two official government run digital certificate
systems, the other one being the Smart Card system embedded in our
national identity card.

[2] And as far as I've read, it should also be legally binding in the
whole EU. As the system is part of a EU-wide cross-country digital
certificate initiative.

signature.asc
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

Re: ... GDPR takedown request, Kiss Gabor (Bitman), 2022/06/14
- Re: ... GDPR takedown request, Klaus-Uwe (Kumi) Mitterer, 2022/06/14
  - Re: ... GDPR takedown request, Gabor Kiss, 2022/06/14
    - Re: ... GDPR takedown request, Iñaki Arenaza <=
    - Re: ... GDPR takedown request, Gabor Kiss, 2022/06/14
- Re: ... GDPR takedown request, Jeremy T. Bouse, 2022/06/14
  - Re: ... GDPR takedown request, Kiss Gabor (Bitman), 2022/06/15
    - anonymify a PGP key legally correctly // Re: ... GDPR takedown request, Steffen Kaiser, 2022/06/15
    - Re: anonymify a PGP key legally correctly // Re: ... GDPR takedown request, Gabor Kiss, 2022/06/15
    - Re: anonymify a PGP key legally correctly // Re: ... GDPR takedown request, Steffen Kaiser, 2022/06/15
    - Re: ... GDPR takedown request, Tobias Mueller, 2022/06/15
    - Re: ... GDPR takedown request, Kiss Gabor (Bitman), 2022/06/15

Prev by Date: Re: ... GDPR takedown request
Next by Date: Re: ... GDPR takedown request
Previous by thread: Re: ... GDPR takedown request
Next by thread: Re: ... GDPR takedown request
Index(es):
- Date
- Thread