Comment on Lemmy's Image Problem
maynarkh@feddit.nl 8 months agoUsernames at the very least.
Art. 4 GDPR Definitions
For the purposes of this Regulation:
‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
SupraMario@lemmy.world 8 months ago
Usernames are not PII…the GDPR only applies if someone is making money from the service. It does not mean just because your site is free but hosts ads or sells user data it’s exempt. Lemmy instances do none of this.
maynarkh@feddit.nl 8 months ago
What do you think an online identifier is then? And why would the GDPR only apply if there is money made? It specifically says in multiple places free services also count.
SupraMario@lemmy.world 8 months ago
www.ibm.com/topics/pii#:~:text=Personally identif….
Usernames are not and never have been considered pii
The GDPR states it clearly that the company/entity has to be collecting pii or selling something to the person. Lemmy does neither of these.
maynarkh@feddit.nl 8 months ago
How is IBM authoritative on this subject? And even so, this article doesn’t say that usernames are not PII, it even indirectly says it is indirect PII.
Here’s another random company’s page saying usernames are PII: keepersecurity.com/…/what-is-personally-identifia…
The GDPR says it clearly and explicitly that: