upvote
Probably yes it does. Not that it matters when you hack a website to have some expensive jewelry sent to your home address.
reply
deleted
reply
So what if it does? They'll get hit with a fine that will be the equivalent of 6 hours of revenue as they continue to be bastards.
reply
GDPR only covers PII, this is a randomly generated ID that changes on every install on the OS.

You can mix it with other info to track a user, but it's not enough to de-anonymize someone on its own.

reply
If they associate it with a Microsoft account (or anything that is identifiable) then it becomes PII.

And of course they are.

reply
unfortunately under GDPR, anonymous IDs are personal data as they are used to single out a data subject.
reply
unfortunately???
reply