
No, personal data in GDPR is much wider than American PII definition.


Maybe so, but stuff you post on public forums is not PII, neither by the American nor the European definition.


Something similar happens with HIPAA that people don’t understand.

Personal Health Information is only applicable in a specific setting (a covered entity). You telling your boss/friend/form about your health information does not make it PHI. You willingly disclosed that information; it loses its protected status.


GDPR has no such exclusion criteria. The definition is astonishingly simple:

‘Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’).

Note the weight of the word “any” here.



