-1

Is the user ID compliant with GDPR? Imagine that a company starts associating a userID when you create an account on the website.

Just the company will be able to associate the userID with a specific person, meaning, it is just a PII for the company, because I will be able to know that specific userID belongs to the user x.

When sending this info to the Google Analytics, Google will never know to whom that userID belongs, so the user is not identifiable by Google.

Is this legal to do? Associate user ID to the users that create an account on the website?

I'm sorry if I was not clear.

Thank you

PTaq
  • 11
  • 2

1 Answers1

1

Imagine that a company starts associating a userID when you create an account on the website

As soon as you attach any other personal data to that identifer, like for example an email address to sign up, or a name, then it is personal data.

It is exactly the same as a license plate, IP address or social security number. It identifies a person.

The fact that only a select few can access this data and actually draw a connection to a person does not matter. Someone can. That is all that's needed.

nvoigt
  • 11,938
  • 1
  • 22
  • 55