← Back to context

Comment by ceejayoz

7 months ago

> There are people who argue that just the name of a person is PII and they are wrong.

It's very easy for a name to be PII. I'm quite certain mine is unique, due to hyphenating when I got married.

There is no test under GDPR for personal data that can identify an individual to have to identify a single unique individual to be in scope of the legislation, just that the personal data can be used to identify _an_ individual. Two people living at the same address with the same name sharing the same telephone doesn't suddenly make all that personal data fall out of scope.

Whilst the response from OP is so obviously wrong and confusing that it's likely to be a troll and not worth engaging with, it's worth clarifying to anyone reading this thread that email addresses most certainly do qualify as personal data under GDPR. GDPR very clearly states what personal data is (see https://gdpr.eu/eu-gdpr-personal-data/ and https://gdpr-info.eu/issues/personal-data/) and that storing or processing of this data necessitates the need to comply with the requirements of the GDPR (particularly the rights detailed under https://gdpr-info.eu/chapter-3/).

For the purposes of this conversation, an email address is personal data, operating in the EU (and additionally, by way of carried-over legislation, the UK) means complying with the GDPR, and therefore Kagi need to provide mechanisms by which people covered by the legislation can enforce the rights afforded them within it.

(GDPR also doesn't use the term "PII", merely just "personal data" and goes on to detail what this means in terms of identification, which might add to the confusion in OPs original message).

Your name by itself and not connected to anything else, is not PII. But there are many people who argue that.

  • > Your name by itself and not connected to anything else...

    It's in your database. That's inherently a connection to something else.