[nocha]

That is also PII being used for the purpose it was collected for (identifying a contributor) and I believe falls under Art.6(1)(f) of the GDPR. You would likely have a hard time convincing anybody that you can apply the right to be forgotten to a git repo - especially as that particular processing can be argued to not be requiring consent once you have submitted your commits.

[dleslie]

The author details are not necessary for the core function of git; the change itself does not need the PII. Moreover, my concern is general for when PII is in such a distributed system; git is just one example of many.