Re: Is this forum prepared for the GDPR?
- Posted by ghaberek (admin) May 01, 2018
> I'll say this one last thing, then I'll be done. A username and password do not fall under the domain of PII. (How could it, since my username is euphoric and my password is not known by OpenEuphoria?)
I know you're done but unfortunately you're also wrong. I'm not trying to be confrontational, I just want to make sure we're not going to get ourselves in trouble.
According to that PDF I linked to earlier, it states: (emphasis mine)
The personally identifiable information (PII) that will be relevant in the context of the GDPR includes data subjects’ biometric data, network identifiers, images, hobbies, political preferences, religious preferences, sexual orientation and other information about EU residents.
The phrase "network identifiers" and the ever-more-vague "other information" could very well include a username.
And if you look up Personally identifiable information on Wikipedia, it says: (emphasis mine)
NIST definition
The following data, often used for the express purpose of distinguishing individual identity, clearly classify as PII under the definition used by the National Institute of Standards and Technology (described in detail below):
- Full name (if not common)
- Face (sometimes)
- Home address
- Email address (if private from an association/club membership, etc.)
- <snip>
- Telephone number
- Login name, screen name, nickname, or handle
So there you go. That seems pretty straightforward to me.
-Greg