Comment by mwrd

There is no test under GDPR for personal data that can identify an individual to have to identify a single unique individual to be in scope of the legislation, just that the personal data can be used to identify _an_ individual. Two people living at the same address with the same name sharing the same telephone doesn't suddenly make all that personal data fall out of scope.

Whilst the response from OP is so obviously wrong and confusing that it's likely to be a troll and not worth engaging with, it's worth clarifying to anyone reading this thread that email addresses most certainly do qualify as personal data under GDPR. GDPR very clearly states what personal data is (see https://gdpr.eu/eu-gdpr-personal-data/ and https://gdpr-info.eu/issues/personal-data/) and that storing or processing of this data necessitates the need to comply with the requirements of the GDPR (particularly the rights detailed under https://gdpr-info.eu/chapter-3/).

For the purposes of this conversation, an email address is personal data, operating in the EU (and additionally, by way of carried-over legislation, the UK) means complying with the GDPR, and therefore Kagi need to provide mechanisms by which people covered by the legislation can enforce the rights afforded them within it.

(GDPR also doesn't use the term "PII", merely just "personal data" and goes on to detail what this means in terms of identification, which might add to the confusion in OPs original message).