On Tue, 2019-01-08 at 09:59 -0500, Owen Taylor wrote:
On Tue, Jan 8, 2019 at 7:17 AM Benjamin Berg <bberg(a)redhat.com>
> On Tue, 2019-01-08 at 12:33 +0100, Miroslav Suchý wrote:
> > On 08. 01. 19 at 11:35, Nicolas Mailhot wrote:
> > > *which do not permit or no longer permit the identification of data subjects*
> > How do you identify a data subject solely on UUID?
> You also inherently collect information such as the IP and the
> timestamp of the request which in principle permits identification. You
> could for example collect the IP from Fedora account logins and one of
> these pings. This way you can de-anonymise the data collected for the
We can certainly implement a setup that does not collect or store the
UUID together with the IP address or timestamp. Send the UUID as a
HTTP header, don't log it, send the UUID off to a counting service
(*). If we make sure the UUID is protected in transit, sent only to
our own servers (or servers configured by the user), and not collected
or stored in a personally identifiable way, I suspect that we're
meeting our obligations under the GDPR, though we'd need to
double-check any selected solution carefully.
You are right that it is possible to immediately discard or obfuscate
But, as Nicolas pointed out, the argument here is that the UUID itself
likely needs to be considered "personal data" in the GDPR sense. And
even doing something as minimal as that seems to imply "processing"
the data in the GDPR sense.
The definition of "processing" reads:
‘processing’ means any operation or set of operations which is
performed on personal data or on sets of personal data, whether or not
by automated means, such as collection, recording, organisation,
structuring, storage, adaptation or alteration, retrieval,
consultation, use, disclosure by transmission, dissemination or
otherwise making available, alignment or combination, restriction,
erasure or destruction;