Op 20-07-19 13:25 heeft FIM4L namens Peter Schober <fim4l-bounces@lists.daasi.de namens peter.schober@univie.ac.at> geschreven:
Nit: If the SP recieves a persistent identifier (i.e., one that doesn't change from session to session) the subject is not "anonymous" but merely "pseudonymous", at least under GDPR terminology. (This matters to those of us that have to compy with GDPR because "anonymous data" isn't personal data and doesn't fall under GDPR, but "pseudonymous" is personal data just as if it were not pseudonymised.)
Can't we say that, with regard to a persistent identifier, - for an IdP it is pseudonymous (for they can translate it to a person) - for an SP it is anonymous (for they are not able to translate it to a person)?
regards, Jos