1

Assuming the answer from GDPR - is user social ID personal data is correct.

Let's consider the following case: I have a social network with public user profiles and publicly exposed user IDs. I also track user activity by these user IDs and the dashboard with user activity is also public. Then a person asks me to erase their personal data and I delete the profile, but keep the ID in the user activity table/dashboard. So new coming users cannot identify that person, but if it is an old user, he/she may maintain internal excel spreadsheet to keep the link between user ID and user data. And later on, identify the person.

Is it a valid use-case? shall I remove user ID from the user activity table?

nick318
  • 113
  • 3

1 Answers1

3

Is it a valid use-case? shall I remove user ID from the user activity table?

Yes, this user id is PII, you need to remove it.

That said, you may want to check what basis you have to still retain the user activities, even without the identifier. If you delete a user profile, it should be gone. Not "slightly gone in parts but mostly still visible".

The only legal reason to keep it would be if you somehow invoiced people based on it, or had to report the numbers to some authority.

nvoigt
  • 11,938
  • 1
  • 22
  • 55