← Back to context

Comment by contubernio

1 day ago

Does this not violate European privacy laws?

Probably yes it does. Not that it matters when you hack a website to have some expensive jewelry sent to your home address.

So what if it does? They'll get hit with a fine that will be the equivalent of 6 hours of revenue as they continue to be bastards.

GDPR only covers PII, this is a randomly generated ID that changes on every install on the OS.

You can mix it with other info to track a user, but it's not enough to de-anonymize someone on its own.

  • If they associate it with a Microsoft account (or anything that is identifiable) then it becomes PII.

    And of course they are.