Yeah, that’s a grey area actually. It’s why Google Analytics has the option of chopping off the last byte of IP addresses, for example.
Better to assume all PII and PI even if not identifying, belongs to the user. GDPR is explicit on some of this and not on others. Shared information, or that deemed necessary, won’t be deleted on request for say Uber/Lyft. There is a financial transaction and a driver etc, they won’t delete. They could sever the link to your profile though. Facebook offers something like this, but don’t do it. You will never be able to authenticate yourself again, and they will keep building the “anonymous” profile. It’s complicated for users out there...
>Better to assume all PII and PI even if not identifying, belongs to the user.
I agree from a liability standpoint, from a company's perspective. From a user perspective, better to assume all information that can be captured will be, it will eventually be available to all humanity and it doesn't belong to you.
Better to assume all PII and PI even if not identifying, belongs to the user. GDPR is explicit on some of this and not on others. Shared information, or that deemed necessary, won’t be deleted on request for say Uber/Lyft. There is a financial transaction and a driver etc, they won’t delete. They could sever the link to your profile though. Facebook offers something like this, but don’t do it. You will never be able to authenticate yourself again, and they will keep building the “anonymous” profile. It’s complicated for users out there...