undefined | Better HN

0 pointsspiffytech4y ago0 comments

> Another way to be compliant is to not collect PII.

The GDPR extends far beyond the US notion of PII. As I understand it, it covers basically all user-submitted or user-related data if it's possible for that data to be hypothetically tied to an individual in the EU (even if that can be done without your service holding traditional PII).

> As a private individual I suspect you would not have much to stand on if the NSA knocked on your door.

Yeah, a federal agent with a wrench can do anything they want to me (https://xkcd.com/538/), but I'm trying to figure out my options.

0 comments

inetknght4y ago

> The GDPR extends far beyond the US notion of PII.

That's a good thing. The US notion of PII is ridiculously naive.

jimmydorry4y ago

It includes IP address... the fundamental glue that makes routing to and from said servers possible. Good luck being able to resolve web requests without knowing where to send the response.

inetknght4y ago

IP address is both personally-identifying information and also technically required to provide computational service.

Just like your name is personally-identifying information and (usually) required to provide medical service.

But being required for service doesn't automatically mean that it can be shared with third parties. You can't share names with third parties. Why would you share IP addresses?

1 more reply

j / k navigate · click thread line to collapse

0 pointsspiffytech4y ago0 comments

> Another way to be compliant is to not collect PII.

> As a private individual I suspect you would not have much to stand on if the NSA knocked on your door.

Yeah, a federal agent with a wrench can do anything they want to me (https://xkcd.com/538/), but I'm trying to figure out my options.

0 comments

inetknght4y ago

> The GDPR extends far beyond the US notion of PII.

That's a good thing. The US notion of PII is ridiculously naive.

jimmydorry4y ago

It includes IP address... the fundamental glue that makes routing to and from said servers possible. Good luck being able to resolve web requests without knowing where to send the response.

inetknght4y ago

IP address is both personally-identifying information and also technically required to provide computational service.

Just like your name is personally-identifying information and (usually) required to provide medical service.

But being required for service doesn't automatically mean that it can be shared with third parties. You can't share names with third parties. Why would you share IP addresses?

1 more reply

j / k navigate · click thread line to collapse