Hacker News new | ask | show | jobs
by wtfstatists 2956 days ago
Ok here is my email: 1373f84998986cf8@tutanota.com. Identify me! Know that I wont used the email elsewhere.

> You cannot use ToU to bypass GDPR.

Just to clarify this is not buried in ToU but laid out clearly.

So the website says dont give PII. User still does. And GDPR would penalize the website ? Citation please.
1 comments
dogma1138 2956 days ago
Are you serious? the fact that your email isn't yourname@mailprovider.com doesn't make it any less identifiable. My IP address is 192.168.1.1 identify me... It also doesn't matter if you think the information is identifiable or not what matters is how the GDPR defines it.

The GDPR defines PII and there isn't anything you can do about it you can't ask users to make a throwaway email account and hope that you can pass GDPR by claiming that it's not PII this isn't how regulation works.

What matters isn't that the email address reveals your name is that someone can use it to identify additional information about you such as if you are subscribed to a specific service or not.

>So the website says dont give PII. User still does. And GDPR would penalize the website ? Citation please.

If the website asks for an email address that is PII under the GDPR.

link
wtfstatists 2955 days ago
IP is not a user-entered data and cannot be freely selected, unlike email addresses.

> the fact that your email isn't yourname@mailprovider.com doesn't make it any less identifiable.

The only official guidelines about email I could find are in here [1]. It does not say all email addresses are PII. It just says "name.surname@company.com" type addresses are PII and "info@company.com" type addresses are NOT PII. So even "yourname@mailprovider.com" may be non-PII.

> someone can use it to identify additional information about you such as if you are subscribed to a specific service or not.

Thats not enough. The service need to have PII. That is, if none of the services has PII, the email address is not PII.

> you can't ask users to make a throwaway email account

Throwaway is not needed. At best an individual need 2 email accounts. One address for the services where he is identified (eg bank website) and one address for where he is not (eg random forum).

So this is not an onerous condition at all. If thats the case you are making.

> If the website asks for an email address that is PII under the GDPR.

This is not a (official) citation.

[1] https://ec.europa.eu/info/law/law-topic/data-protection/refo...

link