Prof. Dr. Ronald Petrlic

Professor, Nuremberg Institute of Technology

Professor for Information Security at TH Nürnberg & Consultant. Interested in Self-Sovereign Identity, Technical Data Protection and IT Security. In previous role: Responsible for the first GDPR fine in Germany.

15:45 - 15:55

24 April - Thursday Main Stage

Why do data protection authorities still tolerate email spoofing?

In this talk, Prof. Dr. Ronald Petrlic from the Nuremberg Institute of Technology will focus on the role of data protection authorities in enforcing standard mechanisms such as SPF and DKIM by controllers. He will highlight how the authorities have been largely inactive on this issue, tolerating non-compliance. Emphasising the situation in Germany, Prof. Dr. Petrlic notes that German DPAs concentrate significantly on email security, albeit on the wrong details. Additionally, he will present a longitudinal study of approximately 130,000 German companies regarding their implementation of SPF and DMARC, demonstrating the impact of regulations such as PCI.Take Aways: Non-enforcement of state of the art security measures; longitudinal Study of companies‘ mail servers; impact of regulation