On Sun, Aug 9, 2020 at 2:18 AM Nathan <nawrich(a)gmail.com> wrote:
I don't see how any part of it constitutes
creating biometric identifiers,
nor is it obvious to me how it must remove anonymity of users.
The GDPR for example defines biometric data as "personal data resulting
from specific technical processing relating to the physical, physiological
or behavioural characteristics of a natural person, which allow or confirm
the unique identification of that natural person" (Art. 4 (14)). That seems
to fit, although it could be argued that the tool would link accounts to
other accounts and not to people so the data is not used for
"identification of a natural person", but that does not sound super
convincing. The GDPR (Art 9) generally forbids processing biometric data,
except for a number of special cases, some of which can be argued to apply:
* processing is carried out in the course of its legitimate activities with
appropriate safeguards by a foundation, association or any other
not-for-profit body with a political, philosophical, religious or trade
union aim and on condition that the processing relates solely to the
members or to former members of the body or to persons who have regular
contact with it in connection with its purposes and that the personal data
are not disclosed outside that body without the consent of the data
subjects;
* processing relates to personal data which are manifestly made public by
the data subject;
but I wouldn't say it's clear-cut.