Comment

Usernames are not PII…the GDPR only applies if someone is making money from the service. It does not mean just because your site is free but hosts ads or sells user data it’s exempt. Lemmy instances do none of this.

source

Sort:hotnew top

maynarkh@feddit.nl ⁨6⁩ ⁨months⁩ ago

Usernames are not PII

What do you think an online identifier is then? And why would the GDPR only apply if there is money made? It specifically says in multiple places free services also count.

source
- SupraMario@lemmy.world ⁨6⁩ ⁨months⁩ ago
  www.ibm.com/topics/pii#:~:text=Personally identif….
  
  Usernames are not and never have been considered pii
  
  The GDPR states it clearly that the company/entity has to be collecting pii or selling something to the person. Lemmy does neither of these.
  
  source
  - maynarkh@feddit.nl ⁨6⁩ ⁨months⁩ ago
    How is IBM authoritative on this subject? And even so, this article doesn’t say that usernames are not PII, it even indirectly says it is indirect PII.
    
    Here’s another random company’s page saying usernames are PII: keepersecurity.com/…/what-is-personally-identifia…
    
    The GDPR says it clearly and explicitly that:
    
    online identifiers such as usernames are PII
    
    selling data or money transactions of any kind is not a requirement for the GDPR rules to apply
    
    source
    SupraMario@lemmy.world ⁨6⁩ ⁨months⁩ ago
    Usernames that are used in an internal network are, because they’re linked to pii, a public username is not pii.
    
    source
    -> View More Comments