Hacker News new | past | comments | ask | show | jobs | submit login

What is or isn't PII, which is a US legal term, is irrelevant.

What matters is if it's Personal Data.

Personal Data is defined by the GDPR as:

"‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person".

I would say a tracking ID falls under "an identification number [or] online identifier"...




Fair point on PII.

But to the rest of your post: I don't think so. I think there an identification number is something like a government-issued ID number.

An online identifier would have to identify you (e.g. my Hacker News username is probably identifiable).

The way I think of it is if someone who isn't authorised to know who I am can look in a system at the number and then go off and correlate that info to find me without further reference to other data in said system.

A database ID doesn't count, because you'd then need to look up something actually identifiable in the system to figure out who I am; neither does an opaque tracking number.

My social security number is identifiable; my email address may be identifiable; if I gave birth in region X to octuplets, then that probably is too.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: