On Sun, Aug 9, 2020 at 2:18 AM Nathan nawrich@gmail.com wrote:
I don't see how any part of it constitutes creating biometric identifiers, nor is it obvious to me how it must remove anonymity of users.
The GDPR for example defines biometric data as "personal data resulting from specific technical processing relating to the physical, physiological or behavioural characteristics of a natural person, which allow or confirm the unique identification of that natural person" (Art. 4 (14)). That seems to fit, although it could be argued that the tool would link accounts to other accounts and not to people so the data is not used for "identification of a natural person", but that does not sound super convincing. The GDPR (Art 9) generally forbids processing biometric data, except for a number of special cases, some of which can be argued to apply:
* processing is carried out in the course of its legitimate activities with appropriate safeguards by a foundation, association or any other not-for-profit body with a political, philosophical, religious or trade union aim and on condition that the processing relates solely to the members or to former members of the body or to persons who have regular contact with it in connection with its purposes and that the personal data are not disclosed outside that body without the consent of the data subjects; * processing relates to personal data which are manifestly made public by the data subject;
but I wouldn't say it's clear-cut.