
Ha, nice find! I'm the Adriaan in adriaan.com. I'm testing some new script features that might improve deliverability. It's not sending any personal data. I use another domain to have the least effect of ad-blockers.


> Ha, nice find! I'm the Adriaan in adriaan.com. I'm testing some new script features that might improve deliverability. It's not sending any personal data. I use another domain to have the least effect of ad-blockers.

You are sending the user agent, path, referrer, a session id + the IP (which is automatically sent) to your personal server and also using a different domain to track users who have ad blockers installed. Even Google Analytics does not use random domain names to track adblock users (yet).


So the correct title must be: "SimpleAnalytics tracks you TWICE when you're reading about Google tracking you (even when using DuckDuckGo)."


"Honeypot even when using DuckDuckGo"


Nice reminder to disable JavaScript or just use Tor Browser to open any links you don't want associated with your public presence.


Nice to meet you, Adriaan.

This is slightly incorrect. By sending a request from your business website (SimpleAnalytics) to your personal domain (Adriaan), you actually transfer personal data. In this case, it’s the IP address, which according to GDPR is considered PII.

Taking into account the scope of privacy terms provided on your business website, it doesn’t include data sharing with your personal entity through your website. So this is basically illegal, unless adriaan[.]com belongs to and is operated by the SimpleAnalytics company.


PII is not a GDPR term. PII is used in some US-specific acts, like HIPAA.

Did you mean Personal Data?


Yes, I had used PII as a synonym of personal data here.

https://en.wikipedia.org/wiki/Personal_data


It is very close, but it is not the same.

https://techgdpr.com/blog/difference-between-pii-and-persona...

> When organisations seek to protect their user’s data, it is necessary that they understand the data they need to safeguard. Personal data, in the context of GDPR, covers a much wider range of information than personally identifiable information (PII), commonly used in North America. In other words, while all PII is considered personal data, not all personal data is PII.

When you say PII in the context of GDPR, you are simply using the wrong term.


IANAL, and wrote PII because it's a personal, non-legally-binding communication, and there is nothing wrong with using any terms that are familiar to both sides.

You can read it as both PII and personal data, and it doesn't change the fact that this data sharing is out of scope of the company's Privacy Terms.



