Probably really needs a lawyer as IANAL, but from my reading of it the US business compliance appears to revolve around "buying and selling of goods and services to those inside the EU" so if you take that to be very literal, SKS servers are not "buying and selling" as it is a free public service. With that said and again IANAL it would seem that SKS in this case operated within the US could be protected under safe haven laws as SKS merely facilitates the data transfer though servers that actually enact censoring of keys (blacklists) could potentially violate that... Good question nonetheless.
On Thu, May 26, 2022 at 11:50 PM Ari Trachtenberg <trach...@bu.edu> wrote: > Probably needs a lawyer ... > > On May 26, 2022, at 11:37 PM, Ced <c...@cyberbits.eu> wrote: > > On Thu, 26 May 2022 23:10:27 -0400 > Ari Trachtenberg <trach...@bu.edu> wrote: > > Would it help to move them to the US? > > > IANAL but I don't think it would help according to > https://gdpr.eu/companies-outside-of-europe/ > > Quote: "This Regulation applies to the processing of personal data of > data subjects who are in the Union by a controller or processor *not* > established in the Union, where the processing activities are related > to [...] the offering of goods or services, irrespective of whether a > payment of the data subject is required, to such data subjects in the > Union" > > One could argue that running a keyserver is offering services (to EU > citizens) so I think GDPR applies in this case. > > > --- > Prof. Ari Trachtenberg ECE, Boston University > trach...@bu.edu http://people.bu.edu/trachten > > -- Jeremy T. Bouse Sr. DevOps Engineer 678.348.0867 UnderGrid.net <http://undergrid.net/> <https://www.credly.com/badges/ebfdee3b-04ff-4ead-9f5c-d9345f759a0f> <https://www.credly.com/badges/69208741-17c8-4876-a5c0-bcaa9078ba29> <https://www.credly.com/badges/2f4523d6-da12-479c-9549-a0bf9cfff950> <https://www.credly.com/badges/8613a442-3830-42c9-a629-8e1576dfec5e>
