Hacker News new | ask | show | jobs
by EsssM7QVMehFPAs 2374 days ago
"Personal data which have undergone pseudonymisation, which could be attributed to a natural person by the use of additional information should be considered to be information on an identifiable natural person."

GA pseudoanonymizes visitor data, but the does not exempt site operators from adhering to the consent mechanisms of the GDPR.
1 comments
lentil 2373 days ago
But the cookie is not "Personal data which have undergone pseudonymisation", is it? Assuming we're talking about the case where no PII is being sent along with the tracking data (which I believe is the point of masking the IP address, among other protections) how could this be attributed to a natural person?

What I'm trying to understand is why the addition of an opaque cookie value necessarily changes the situation, such that consent is required.

It's very possible I'm missing something here; genuinely trying to learn what that is.

link