‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly.
If it's not salted and the other site has the same information they can identify you. For example Google Analytics prevents you from uploading hashed emails because it makes them capable of identifying the person and link it new info with all the existing info they have.
In other words, the fact that it is cryptographically derived from the email is irrelevant. What makes an email PII is not the content of it, because outside of some rare names or personal/family domains, knowing John Doe who uses Yahoo is not enough to identify a person.
What makes email address and other unique identifiers like a hash of an email PII is that the given universally unique composition of letters and symbols is associated with a person.
john.doe@example.com -> a facebook profile -> Legal Person
836f82d......b39577f -> a facebook profile -> legal person.
For identifying a person both 836f82d......b39577f and john.doe@example.com are the same.
> Hashing is magic crypto pixie-dust, which takes personally identifiable information and makes it incomprehensible to the marketing department. When a marketing person looks at random letters and numbers they have no idea what it means. They can't imagine that anybody could possibly understand the information, reverse the hash, correlate the hashes, track them, save them, record them.
