by hvidgaard 2976 days ago
If the information can be used to build a profile linked to me, it's PII. If you do not and cannot link it to me, then it's no longer PII. That is kinda in the name, Personally Identifiable Information. In short, if the collection of information can point to me, it's PII. If it cannot point to me it's not PII.

Problem is, if we take it to the extreme, we are basically playing a game of Cluedo. Is "18 year old" PII? No. Is "orders pizza every Friday" PII? No. Is "always misspells the word cheese" PII? No. Is "leaves 10% tip" PII? No. Combine them and you have PII.
And rightfully so. If the collection points to me, then it's PII. Anonymized, it might be "is between 18-25 years old", "orders fast food once a week", "tips between 0-10%".

Just because something is murky doesn't mean businesses get to ignore it. The entire point is to force companies to actually think about what their data is and decide whether they need to store PII. If they do, it has implications: they have to have a reasonable explanation for their choices, and be willing to rectify issues pointed out by consumers and/or the DPA.
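The Cluedo argument above can be checked mechanically. This added example (not from the thread) counts, over a constructed set of customer records, how many people each attribute pins down on its own, how many the combination pins down, and how large the smallest group becomes once the attributes are coarsened into the ranges suggested in the reply. The records, the `band` thresholds and the `FAST_FOOD` set are assumptions made for the example.

```python
from collections import Counter

# Constructed sample of customer records (not real people), using the
# attributes the thread walks through: age, a weekly order, a spelling
# quirk and the tip left, as a percentage.
RECORDS = [
    {"age": 18, "food": "pizza",  "misspells_cheese": True,  "tip_pct": 10},
    {"age": 21, "food": "pizza",  "misspells_cheese": False, "tip_pct": 5},
    {"age": 25, "food": "burger", "misspells_cheese": True,  "tip_pct": 15},
    {"age": 18, "food": "burger", "misspells_cheese": False, "tip_pct": 20},
    {"age": 21, "food": "pizza",  "misspells_cheese": True,  "tip_pct": 10},
    {"age": 25, "food": "pizza",  "misspells_cheese": False, "tip_pct": 5},
    {"age": 18, "food": "burger", "misspells_cheese": True,  "tip_pct": 15},
    {"age": 21, "food": "burger", "misspells_cheese": False, "tip_pct": 20},
]
RAW_KEYS = ("age", "food", "misspells_cheese", "tip_pct")
GENERAL_KEYS = ("age_band", "food_category", "tip_band")
FAST_FOOD = {"pizza", "burger", "kebab"}  # assumed category mapping

def equivalence_classes(records, keys):
    """Count how many records share each combination of the chosen attributes."""
    return Counter(tuple(r[k] for k in keys) for r in records)

def singletons(records, keys):
    """Records whose attribute combination occurs exactly once, i.e. that the
    chosen attributes pin down to one person."""
    classes = equivalence_classes(records, keys)
    return sum(1 for r in records if classes[tuple(r[k] for k in keys)] == 1)

def k_anonymity(records, keys):
    """Size of the smallest group: every combination hides among at least k people."""
    return min(equivalence_classes(records, keys).values())

def band(value, edges):
    """Label the first range [lo, hi] built from consecutive edges that holds value."""
    lo = edges[0]
    for hi in edges[1:]:
        if value <= hi:
            return f"{lo}-{hi}"
        lo = hi + 1
    return f"{lo}+"

def generalize(record):
    """Coarsen each attribute into the ranges the reply suggests and drop the
    spelling quirk, which has no useful generalisation."""
    return {
        "age_band": band(record["age"], [18, 25, 35, 50]),
        "food_category": "fast food" if record["food"] in FAST_FOOD else "other",
        "tip_band": band(record["tip_pct"], [0, 10, 20]) + "%",
    }
```

A large smallest group is a check on the quasi-identifiers, not a proof of anonymity: if everyone in a group shares the same sensitive value, the group still reveals it.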