logoalt Hacker News

sam_lowry_02/20/20250 repliesview on HN

This is also true, to some extent. You have to have valid reason to access PII (Personally Identifiable Information). All access is logged and the DPO (The Data Privacy Office, one of the good things GDPR formalized) monitors access on a regular basis.

And since the current understanding is that even the combination of an IP address and a timestamp is personally identifiable... many organizations are actively not collecting usage stats. Which leads to the abuse of public funds, but this is a different story.