Hacker News new | comments | show | ask | jobs | submit login

So, the GDPR actually says two things

- personal data is any data about a person which could, in combination with other data that you may not have, identify a person. That's much broader than your definition. In this case, I think the claim would be that if you knew all programs installed by a person, you could figure out who that person is. It's still probably a stretch. It's good that they prevented themselves from knowing what the program is, because that could sweep up health data. ie imagine they knew you were running a blood sugar tracking program, they could infer you had diabetes. Health data is in a heightened protection class under the GDPR.

- The game would still have to service data requests, ie give me all your data about me.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact