Re: [Sks-devel] keyserver.pramberger.at terminating

[Joseph Oreste Bruni]

On Sep 8, 2010, at 2:07 PM, Phil Pennock wrote:

> On 2010-09-08 at 11:56 -0600, Ryan wrote:
>> Weather or not its in the database, if the user causing these issues
>> cant retrieve that info from Peter's server I would think that would
>> satisfy him enough to prevent a legal injunction against Peter and his
>> key server.
> 
> No.  EU data protection laws typically (eg, in Britain) state that data
> about a person belongs to that person and if you hold the data, you're
> required to provide it upon reasonable request to that person (charging
> a small processing fee is allowed) and IIRC you're required to delete it
> if it's inaccurate.
> 
> Holding onto the data but not serving it is a violation of a takedown
> notice and something that should only be considered after discussion
> with expensive lawyers.
> 
> Peter has my sympathy for the situation he's in.
> 

According to the US Safe Harbor principles, which are designed to mirror the EU 
Directive, the access principal reads as follows:

"Individuals must have access to personal information about them that an 
organization holds and be able to correct, amend or delete that information 
where it is inaccurate, except where the burden or expense of providing access 
would be disproportionate to the risks to the individual's privacy in the case 
in question, or where the legitimate rights of persons other than the 
individual would be violated." 

http://www.export.gov/safeharbor/eu/eg_main_018380.asp

It seems to me that the burden of providing deletion access is certainly 
prohibitive in this case, if not downright infeasible.

Safe Harbor also contains specific exclusions for conduits such as ISP's, etc. 
In the case of operators of SKS servers, the PII in question may or may not 
have been submitted through that server, it might have been (re-)introduced via 
any peer or any other possessor of the PII (e.g. I could submit to SKS any 
public key in my possession even if it's not my own).