Re: Scope for self-destructing email?

[joel jaeggli <joelja@bogus.com>]

On 8/14/17 12:01, vaibhav singh wrote:
> Hi,
> 
> As some of you may already know, General Data Protection Regulation
> (GDPR), about to be enforced in the EU within months, and calls for
> strict regulations for Right to rectify communications, Right to be
> forgotten , Pseudonymisation and Data portability.
> 
> With regards to this, me and my friends were thinking about the idea of
> a self-destructing email, wherein the sender will mark the mail to be
> destroyed (expunged from the server) once the receiver(s) have finished
> reading it/after a time period chosen by the sender.
> 
> Another enhancement to this idea was a notification which will be sent
> from some (Exploding email RFC) compliant MUA, in case the receiver
> refuses to delete the email from the client. (I know Snapchat is a poor
> example here, but they apparently send notifications to the originator
> of the snap in case any receiver tries to capture the screenshot of the
> snap. This is, in theory, what we are trying to do here).
> 
> I would also like to know about things (working groups, internet drafts
> etc) which are being done to enforce GDPR to
> email and Instant Messaging especially.

In order that you have some assurance that the demands provided at the
input side are honored on the receipt side you need effectively
end-to-end control over the system, that is the sender, receiver, and
any intermediate hops are part of the same administrative domain such
that any control imposed is actually implemented. That might be
practical for an email system but not generally for the email system.

> -- 
> 
> Regards,
> Vaibhav Singh