Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » Kerio Anti-Spam (Bitdefender) data protection compliance (German privacy/data protection laws)
  •  
EdRoxter

Messages: 67
Karma: 2
Send a private message to this user
Dear all,

does anyone have an estimation whether the new Kerio Anti-Spam/Bitdefender feature is compliant to German data protection laws?

I read http://kb.kerio.com/product/kerio-connect/server-configurati on/antispam/kerio-anti-spam-filter-1886.html#sect-datasent on this issue, and I'm not sure if - by our very strict laws - it's permitted to transfer/evaluate/log even a person's IP address. (Courts are very divided on this, though - some say, it's a private datum, others say that it's comparable to a car's license plate.) Also I guess, to transfer "URLs, e-mail addresses and telephone numbers" to a US-based company's system (even if it's only evaluated automatically there) without informing the user beforehand is quite likely illegal in Germany.

Any thoughts on this?

Kind regards
Nico
  •  
Pavel Dobry (Kerio)

Messages: 5144
Karma: 241
Send a private message to this user
Kerio Anti-Spam uses datacenters located in EU for users from EU.

Knowledge Base: http://kb.kerio.com/.
Technical support: http://www.kerio.com/support
------------------
Stay Connected Anytime, Anywhere. Discover Kerio Cloud!
  •  
Carsten Maas (Kerio)

Messages: 247
Karma: 27
Send a private message to this user
And when you deactivate the "Permit use of spam/non-spam" functionality, the encrypted transmitted data to the Bitdefender cloud will be deleted immediately after the analyzing process.

Carsten Maas
Senior Technical Marketing Engineer
Kerio Technologies

Kerio Deutschland youtube Channel
http://www.youtube.com/KerioDeutschland
  •  
EdRoxter

Messages: 67
Karma: 2
Send a private message to this user
Thanks for the information, that will suffice for me to check with the corporate and legal policies! Smile
  •  
Carsten Maas (Kerio)

Messages: 247
Karma: 27
Send a private message to this user
I just had a phone call with the "Landesamt für Datenschutz in Niedersachsen" (Federal Department for data privacy & security, Lower Saxony).
The bottomline of the phone call is the following:

As long as the data is encrypted and/or the communication is encrypted, they see no concerns about sending such information to a cloud for spam processing/analyzing. You, as the owner of the mailserver respectively the received mail, are allowed to protect yourself from unwanted/dangerous mails with basically any technique you are able to use. Restrictions only apply to companies for example in the armaments industries. There will be additional laws which may apply.

As the data, send to the Bitdefender cloud,


    * is encrypted and/or the communication channel is encrypted
    * the Bitdefender cloud for Kerio Connects based in Europe is send to their European cloud
    * the transmitted data gives no conclusion to the original sender


this should be no legal issue at all. If you would like to be 100% sure, do not hesitate to make a request to your own "Federal Department for data privacy & security" or a legal counsel, who is specialized in data security issues.

[Updated on: Thu, 19 May 2016 13:40]


Carsten Maas
Senior Technical Marketing Engineer
Kerio Technologies

Kerio Deutschland youtube Channel
http://www.youtube.com/KerioDeutschland
  •  
EdRoxter

Messages: 67
Karma: 2
Send a private message to this user
Wow, Carsten, thank you very much for the huge effort!

I guess, if the Lower Saxonians give such a definite statement, the other Data Security Federal Departments will just give the same lead.

Then I will definitely order the Advanced Anti-Spam feature, since the old way with Bayes and Blacklists doesn't work so well with new spam waves, and I can't get my users to

  1. differentiate between really unsolicited spam mail and newsletters that are basically legitimate (i.e. they have subscribed to them) but they don't want to read them anymore
  2. or use the flag as spam function at all, many rather just delete the mails


Plus, the amount of e-mails on our KC instance isn't that large, so I guess, Bitdefender may have a much larger base of data upon which to classify mails.

Again, thank all of you very much for your input and efforts!
  •  
sysopfromhell

Messages: 18
Karma: 4
Send a private message to this user
I just want to add to this very valuable conversation, that the Bit Defender Anti Spam method is the best thing since sliced bread, seriously. The amount of detected unwanted e-mails compared to the Bayes engine is unbelievable. Plus much less work compared to managing the SA.

Great idea and great product.



Previous Topic: 5.3.0 Mailbox alias could not be expanded
Next Topic: Synchronisation conflict
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Fri Dec 09 16:23:18 CET 2016

Total time taken to generate the page: 0.00915 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.