Re: re:'Personally identfiable information'
yes it could. Yet that Giner bloke can go out and walk in a street and be seen by everyone. It is implied consent. He can't stop that under reasonable use.
Same with an IP address. You can't not have one when browsing, regardless of NAT or not.
"Under GDPR, this extends to things like IP addresses (called "online identifiers" I believe)."
Using a gmail or email address as an identifier is different to an ip address. I don't think an IP address, unless linked to a specific person using data you already hold, is covered under that.
However, I may know that a person who came from ip address X came back several times over the course of a month. That means I can see that a single person may have browsed, but that in itself is not allowing me to tie it to a specific person unless that person registered with me from that address, then I could do so. That changes things - it is now personally identifying.
Same with a phone number, you can't not supply a calling number to a telecom provider (hint - withholding your number doesn't withhold it to a telecom provider in normal practice, they just can't pass on your number) so therefore in order to use a phone, you have to do this in the normal course of business.
So either everyone who has a phone, or anyone who phones up a callee means that that callee's telco now has a responsibility to the person making the call outside of the normal Telecom obligations? Well that would be crazy and couldn't be complied with. So this is why I state that there is difficulty in a lot of areas of compling. This is why, I suspect, that evidence of attempting to comply is given a lot of credence in GDPR and data protection in general, than saying 'You must comply or die' because in most cases, it would be unsustainable without clear rules. But the language isn't clear. So there are so many ways to interpret it.
Hence, GDPR is a good gig to get into.