b'GDPR provides a "right to be forgotten," whereby individuals can demand the removal of PII from IT systems. This can run directly contrary to the transparency and permanence built into the DNA of public PKI systems. We explore this conundrum.'