top | item 38096040

(no title)

dsies | 2 years ago

https://gdpr-info.eu/art-4-gdpr/ paragraph 1:

> ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

discuss

thih9|2 years ago

This does not reference hashing, which can be an irreversible and destructive operation. As such, it can remove the “relating” part - i.e. you’ll no longer be able to use the information to relate it to an identifiable natural person.

In this context, if I define a hashing function that e.g. sums all ip address octets, what then?

jvdvegt|2 years ago

A hash (whether MD5 or some SHA) on IP4-address is easily reversed.

Summing octets is non-reversable, so it seems like a good 'hash' to me (but note: you'll get a lot of collisions). And of course, IANAL.

dsies|2 years ago

I was answering your request for a source.

The linked article talks about identification numbers that can be used to link a person. I am not a lawyer but the article specifically refers to one person.

By that logic, if the hash you generate cannot be linked to exactly one, specific person/request - you’re in the clear. I think ;)