logoalt Hacker News

Kipterstoday at 12:18 PM2 repliesview on HN

GDPR only covers PII, this is a randomly generated ID that changes on every install on the OS.

You can mix it with other info to track a user, but it's not enough to de-anonymize someone on its own.


Replies

tjofftoday at 12:41 PM

If they associate it with a Microsoft account (or anything that is identifiable) then it becomes PII.

And of course they are.

totaatoday at 12:40 PM

unfortunately under GDPR, anonymous IDs are personal data as they are used to single out a data subject.

show 1 reply