Hacker News new | ask | show | jobs
by withinboredom 1303 days ago
I'm not sure what point you're making.

Knowing an IP address is useless information, until you have a database linking IP addresses to geolocation. Knowing my address is useless information, until you have a map. Knowing my name is useless, until you have Google. Knowing my user id is useless, until you have a leaked database (or other vulnerability).

These are all PII, because they're useless until you have some other information, and then they deanonymize you.
1 comments
glitchc 1303 days ago
There's a lot of confusion here. You need to read the GDPR carefully. The GDPR is the only source that explicitly mentions IP, and even they distinguish IP as "personal data", not "personally identifiable data." No other privacy legislation on the planet considers IP to represent any kind of PII.

I will reiterate my point. It is impossible to operate the internet or any other network where a server must distinguish between two or more client without some kind of identifier for session management. Just think about it.

link
withinboredom 1294 days ago
I am literally face palming so hard right now. I also wish I'd seen this reply earlier.

The GDPR never mentions "personally identifiable data" as that is a US term. In the GDPR, it only says "personal data" which is the exact same thing according to the GDPR.

link