If I write a name on a piece of paper here on my desk, I have not violated GDPR. If the radio commentator speaks the name of the soccer player who made a pass, he has not violated GDPR. But there are people who argue that names by themselves (without reference to anything else) are protected personal identification data. Which they clearly are not.
"This Regulation applies to the processing of personal data wholly or partly by automated means and to the processing other than by automated means of personal data which form part of a filing system or are intended to form part of a filing system."
A name or email in Kagi's database is very clearly subject to GDPR. A note on your desk may not be; not because the name isn't PII, but because not all PII is in a protected context.
You're incorrectly mixing up "it's not PII" with "it's not subject to GDPR". It's still PII even if you're not legally required to protect it in a specific scenario; I can, for example, tell random people about my wife's very unique medical conditions, but her hospital cannot.
"in particular by reference to an identifier such as a name"
What is there to misunderstand?
If I write a name on a piece of paper here on my desk, I have not violated GDPR. If the radio commentator speaks the name of the soccer player who made a pass, he has not violated GDPR. But there are people who argue that names by themselves (without reference to anything else) are protected personal identification data. Which they clearly are not.
The GDPR's scope is defined as:
"This Regulation applies to the processing of personal data wholly or partly by automated means and to the processing other than by automated means of personal data which form part of a filing system or are intended to form part of a filing system."
A name or email in Kagi's database is very clearly subject to GDPR. A note on your desk may not be; not because the name isn't PII, but because not all PII is in a protected context.
You're incorrectly mixing up "it's not PII" with "it's not subject to GDPR". It's still PII even if you're not legally required to protect it in a specific scenario; I can, for example, tell random people about my wife's very unique medical conditions, but her hospital cannot.
Thank you for demonstrating you have no idea what the GDPR is.
1 reply →