← Back to context

Comment by Kipters

1 day ago

GDPR only covers PII, this is a randomly generated ID that changes on every install on the OS.

You can mix it with other info to track a user, but it's not enough to de-anonymize someone on its own.

If they associate it with a Microsoft account (or anything that is identifiable) then it becomes PII.

And of course they are.