> Any PII protection law does not apply to non-personal information, including your notes
Why would your notes be included?
Personal data, by definition, is any information about an identifiable individual.
Any information.
It could be sensitive information (such as medical information, information about your sexuality, et cetera), it could be your height, it could be where you studied, it could be your favorite color and, of course, it could be what you posted.
You could make the argument that the individual isn't identifiable. Users have a public key, which identifies their account uniquely. You can argue it's pseudonymous, but users optionally can (and typically do) publish a kind 0 event, which often contains their full name and/or other identifiers.
It's not fully specified what counts or doesn't as an identifier. We do, however, know, for example, that IP addresses do count as identifiers by the GDPR, so anything which is connected to IP addresses can be personal data.
I would argue that what's connected to a social media account, including whatever is posted, can and should generally be regarded as personal data, even if no other identifier (such as an IP address) is present, if there is information associated with the account used to distinguish it from others and which commonly (even not as a requirement) is set to something which is sufficient to track back the identity of the user. A Nostr account on Nostr relays should be regarded with roughly the same standards.
> The GDPR for example also does not grant you the right of erasure if data is kept for archival purposes in the public interest.
Exceptions are whole different points.
It doesn't mean notes are not personal information.
Aspie96 / Valentino Giudice
npub13m…y8hs2
2024-08-14 18:48:04
in reply to nevent1q…w5pz
Author Public Key
npub13mjzjryckg9jnxgn3vez73nw5gx82cy0269t2083zjftlxewsjwqny8hs2Published at
2024-08-14 18:48:04Event JSON
{
"id": "5436d914719b432b0464fa84c91a89d7c3f6b9703e753c822cf9e31ba9749f69",
"pubkey": "8ee4290c98b20b2999138b322f466ea20c75608f568ab53cf11492bf9b2e849c",
"created_at": 1723654084,
"kind": 1,
"tags": [
[
"e",
"349fc845692d027b337e1cd0970621ffc8ac25deb66a8ea9ca7a9bb9a322c97b",
"",
"root"
],
[
"e",
"349fc845692d027b337e1cd0970621ffc8ac25deb66a8ea9ca7a9bb9a322c97b",
"",
"reply"
],
[
"p",
"52b4a076bcbbbdc3a1aefa3735816cf74993b1b8db202b01c883c58be7fad8bd",
"",
"mention"
]
],
"content": "\u003e Any PII protection law does not apply to non-personal information, including your notes\n\nWhy would your notes be included?\n\nPersonal data, by definition, is any information about an identifiable individual.\nAny information.\nIt could be sensitive information (such as medical information, information about your sexuality, et cetera), it could be your height, it could be where you studied, it could be your favorite color and, of course, it could be what you posted.\n\nYou could make the argument that the individual isn't identifiable. Users have a public key, which identifies their account uniquely. You can argue it's pseudonymous, but users optionally can (and typically do) publish a kind 0 event, which often contains their full name and/or other identifiers.\nIt's not fully specified what counts or doesn't as an identifier. We do, however, know, for example, that IP addresses do count as identifiers by the GDPR, so anything which is connected to IP addresses can be personal data.\nI would argue that what's connected to a social media account, including whatever is posted, can and should generally be regarded as personal data, even if no other identifier (such as an IP address) is present, if there is information associated with the account used to distinguish it from others and which commonly (even not as a requirement) is set to something which is sufficient to track back the identity of the user. A Nostr account on Nostr relays should be regarded with roughly the same standards.\n\n\u003e The GDPR for example also does not grant you the right of erasure if data is kept for archival purposes in the public interest.\n\nExceptions are whole different points.\nIt doesn't mean notes are not personal information.",
"sig": "0b785ef58e854d56adb32234c0fdc19919b25afa4db4260d62c051b567cf92988704708763e1468037bea0a709d3f93adc416da79f08d2c9d5c230099b0f36cb"
}