That was my point a couple posts back. I’m not using the DoD definition of PII. I’m saying user data, so device ID, IMEI, ad tracker ID - why does this need to be individualized to a device/user? The answer: it doesn’t.These articles are very vague as to what data is actually being used. It sounds like the data they're talking about is sanitized or attributed less to an individual and instead to other attributes like phone ID, browser cookies, etc. Whether that is PII when not associated with your name is an interesting. I'd offer that if you associate my street address with my name it's PII. But my street address on it's own isn't PII, it's public record. My point is even with GPDR type protections in place your behaviors will still be sold. GPDR seems to be attempting to address the risk of compromised identity via a hack and just says companies have to solicit your consent and then protect your data. It doesn't seem to specifically cover data selling.
In most cases PII isn't needed to identify a person. You could just as easily be identified by your pant size, movies you like, etc.
Suppose >90% of dentists in America had a tiny sensor on the end of their dentist tools, and this sensor could automatically figure out what you ate/ drank routinely and target ads to you for grocery stores and restaurants near you based on your eating habits. And, almost all dentists used this sensor bc the ad companies compensated them highly - and no matter which dentist you visited in your town, it would be part of their standard “patient consent” form, so you really have no option but to consent or skip dental treatment. But oh no, if we ended this theoretical practice, what about the poor grocery stores and restaurants? How would they know precisely what you habitually eat and drink? Woe is them! Well, I say screw ‘em. They can present ads to me without precise, sensor-enabled foreknowledge of what I eat/drink, or they can not advertise to me and let me make up my own damn mind what I want to eat and drink.
Now, this cannot actually happen because of HIPAA. HIPAA is the only thing stopping it. But it’s happening right now, every day, with ofher unwanted data collection through smart devices. Because, there is no law to stop it. There is no law requiring an opt-in, or an opt-out. You either accept the “consent form” or throw out your device/ phone/ TV/ fridge/ thermostat/ doorbell/ etc. If there was a new law, the “consent” would become invalid. I bought a new TV last year and it literally cannot function as a TV unless I agree to the consent terms in full - it won’t let you progress past the startup screen. It’s bullshit and I think most tech companies are secretly shocked at what the US govt has allowed them to get away with to date. We need a HIPAA for user-specific data collection and monetization.