Comment by mega_dingus
6 years ago
This.
A bank account number is consider PII. Knowing the bank name & account number will uniquely identify the account holder's name, which is PII.
6 years ago
This.
A bank account number is consider PII. Knowing the bank name & account number will uniquely identify the account holder's name, which is PII.
IP addresses are considered PII under both GDPR and CCPA.
... which is crazy unrealistic, since it's "PII" that can only stay "private" by collective agreement of every node in the network, but no accounting for the reality of network architecture in passing law, I guess.
Maybe a deep expectation of anonymity while accessing a worldwide network of cooperative machines is something people should stop telling the public they should expect?
Under GDPR you can use all the PII you reasonably need to provide expected services, you don't even need separate consent. But, if you have PII, the moment you use it for other purposes, or obtain/retain/share without proper cause, you are breaking the law.
IMHO, that is very reasonable.
Real world example - giving your phone number and information to your car mechanic / doctor / bank teller / plumber is reasonable. Using that information to score girls or ask donation for a puppy shelter would be considered improper.
1 reply →
Or they can stay 'private' by not being stored or correlated with other user data. GDPR doesn't apply to the network itself, it applies to whoever is using it.
2 replies →
[dead]