Matthias Geier <matthias.geier@antipod.de> writes:

> Hello fellow developers
>
> To say that upfront, I searched most of the archive, didn't find that topic
> in there
>
> About gdpr and certificates. If I am not mistaken, before I even request
> the TLS certificate, I'd need to get a user consent, not to mention storing
> it.
>
> On a capsule like station, you can ignore the certificate until you sign
> up, but for instance if I want to prevent spam/DoS and check against a
> certification authority, I'd need to get permission for that first. Which
> beats the purpose partially
>
> Is the manual opt-in to show a cert on a specific domain enough for gdpr
> (clients require you to set the cert for the domains)? I can't show a gdpr
> warning on the cert missing error, since the spec doesn't allow me to.

IANAL but what about responding with something like

    60 Missing certificate: <gdpr warning here>\r\n

Not all clients show the *exact* meta for status codes != 20, but that's
another issue.

> Not to mention other consent stuff for storing and processing information?
>
> I am aware that the small internet won't be sued soon, because no one
> cares. However hosting a service in the EU as a private person has become
> dangerous and you don't want to end up with a fine in the 10k range for
> infringement
>
> Any opinions, best practices, advice, discussion is welcome 🙃
---
Previous in thread (1 of 5): 🗣️ Matthias Geier (matthias.geier (a) antipod.de)
Next in thread (3 of 5): 🗣️ adnidor (lists-gemini (a) adnidor.de)
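
The status-60 reply suggested in this message, sketched as server-side logic; this is an added illustration, not code from the thread. The handler name `respond`, the `/account/` path and the notice wording are assumptions, and the header builder enforces the Gemini limits on META (one line, at most 1024 bytes).

```python
from typing import Optional

# Gemini response header: <STATUS><SPACE><META><CR><LF>, META at most 1024 bytes.
META_MAX_BYTES = 1024

# Constructed notice text; the wording is a placeholder, not legal advice.
NOTICE = ("Client certificate required. By presenting one you agree that "
          "its fingerprint is stored to identify your account.")


def build_header(status: int, meta: str) -> bytes:
    """Build a Gemini response header, enforcing the META constraints."""
    if not 10 <= status <= 69:
        raise ValueError("status must be a two-digit Gemini code")
    # A CR or LF inside META would end the header early, so collapse
    # all whitespace runs into single spaces.
    meta = " ".join(meta.split())
    encoded = meta.encode("utf-8")
    if len(encoded) > META_MAX_BYTES:
        # Cut on a character boundary so the result is still valid UTF-8.
        encoded = (encoded[:META_MAX_BYTES]
                   .decode("utf-8", errors="ignore")
                   .encode("utf-8"))
    return b"%d " % status + encoded + b"\r\n"


def respond(path: str, peer_cert_der: Optional[bytes]) -> bytes:
    """Hypothetical handler: /account/ needs a certificate, the rest does not."""
    if path.startswith("/account/") and peer_cert_der is None:
        # No certificate was presented, so nothing about the visitor
        # has been stored when the notice is sent.
        return build_header(60, NOTICE)
    return build_header(20, "text/gemini") + b"# Welcome\n"
```
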