[buzer]

> The new proposal which suggests that pseudonymized data is not always PII is a different thing.

This actually is already the case, see the recent CJEU C‑413/23 P. Currently the main question is if the recipient has a way to unmask the user. In case of IP address the answer is almost always yes since the recipient could ask competent authority to unmask the IP address if there is crime involved. That was the exact reasoning provided in the Breyer case.

In C‑413/23 P the recipient didn't have any reasonable way to map the opinion to real person so it was determined that it's not PII from recipient's POV but it was from the data controller's.

One of the issues in the new proposal is that it lowers the standard quite a bit compared to C‑413/23 P.