The Reuter’s article [0] this points to gives more info. Basically the judge felt the plaintiff was unrepresentative of the claimed class and any benefit would accrue to plaintiff and their lawyers while also finding Google’s action wrongful.
Mildly OT, as you’re a blind tennis fan, have you ever tried the adapted version of the sport for blind and partially sighted participants? If not, and you’re interested, I might be able to point you in the right direction depending on where you’re based.
No. This is a fundamental misunderstanding of the law. IP addresses are considered PII if and only if they can actually be legally used to identify an individual. And even where they can be, what on earth are you doing with them that you imagine is non compliance?
GDPR is for the most part making explicit things were implicit in the pre existing EU legislation, many of which have been subject to EU court rulings. There is a ton of precedent.
IP addresses are only PII if you are able to actually use them identify an individual.
> The CJEU decided that a dynamic IP address will be personal data in the hands of a website operator if:
there is another party (such as an ISP) that can link the dynamic IP address to the identity of an individual; and
the website operator has a "legal means" of obtaining access to the information held by the ISP in order to identify the individual. [1]
So once the account info is deleted, that link is broken. This another piece of DP legislation that has been subject to a great deal of FUD since most of the headlines just went with ‘court confirms IP address are PII’ and omitted ‘in some cases’. TBH, this was already pretty explicitly obvious from the legislation defining Personally Identifiable Information (hint: clue’s in the name).
You make this assertion elsewhere in the thread. It is incorrect. The entirety of the legislation is 88 pages long and it is really quite straightforward (full link preserved) [1].
Here is a set of (easily available) interactive tools, explainers and guidelines from ICO in the UK which explicitly outline what compliance looks like and what steps you can take to achieve and demonstrate it [2]. It’s available as a 162 page PDF, if you insist on counting pages, but much of it relates to the processing of sensitive data or data relating to children which the majority or orgs can skip.