On Wed, 15 Jun 2022, Steffen Kaiser wrote: > The problem is that the entity processing the data (e.g. stores them) is > responsible for deletion the possbility to connect the data to a person. > Actually, I don't know in which way one has to prove the act *legally* > (aka to be accepted in court); but one is responsible to make the data > unable to be connected to a person. IMHO it would be enough to strip any
Ths question is: which person? Several peoples may have identical name. At least 3 different "Gabor Kiss"-es uploaded their keys to the key servers. Assuming one of them wants to delete all "Gabor Kiss" keys, should I remove even the mines? This is absurd. I think if someone cannot show any evidence - aside the matching name - about the key or e-mail address belongs to him/her then the record cannot be connected to him/her. The case can be regarded as attempt of identity theft. > person-identifying information (the uid's alone ??) from a PGP key. This is impossible. The record will be corrupted. On the other hand a public key without personal information is useless. > To delete the data is just one way to make it un-connectable. No. This is the only way. There is no problem with this unless somebody tries to delete other peoples' keys. Gabor
