GDPR: Public virtual ID is visible = personal date?

Gu
- in Servers
20

I'm currently working on a Minecraft server so I need a better definition of person related data.
With Minecraft it is the case that as soon as a player goes to a server, the client sends data to the server. These data contain IP, username and a virtual ID called "UUID" (Universally Unique Identifier).

This ID is generated randomly when you buy the game.

With this ID you can find out the username of the player, but vice versa, I can find out the ID with the username.

Now my question is, is this ID and username a person related date?
Because both can easily be viewed online.

Be

As long as there's no club or company behind your game server and everything is purely private, you don't need to worry about the GDPR theater.

Sn

You can see the UUID for every username. They are not secret and there's no personal data included.

https://de.namemc.com/ Since e.g.

Av

What software do you use for this? (Default, NukkitX, PokkitMine.)
What you wanna do? (See UUIDs from other players, ask players about data usage (GDPR) …)

Gu

Well it will be a public server in the area of a small company.

Gu

I use Spigot but will switch to PaperSpigot soon. I would like to save the UUID together with the name in a database in order to save coins or something similar.

Be

Well, then - you should think about that.

And maybe ask someone who really knows what he is talking about, you face high penalties if you make mistakes.

Gu

Therefore I would like to know whether this virtual ID or the username is a person-related date. Because at least I can't access a person with the data, because I don't know who bought this account.

Av

Yes it is. But he / she has not described what he / she uses as software. So you can't give him meaningful answers…

Gu

I gave an answer to your counter question 7 minutes ago. In addition, my question has nothing to do with the server but with the term "person-related data".

Av

OK

Sy

The GDPR only affects websites, not Minecraft servers. If you are commercially active and market the server, the GDPR also only applies to the website that markets the server. E.g. Tebex and payment service providers, these are integrated via the website, but not via the server. Even the buycraft.jar. Only transmits the UUID and the player name, nothing else.

Gu

Perfect thank you!

Be

And now you actually make the financial survival of your company / employer dependent on the correctness of a comment from internet user "katzebiggi"?

(Don't get me wrong, katzebiggi. I don't mean to say anything against your comment or to doubt its correctness)

Pr

Sorry, but that's completely wrong.

The GDPR is about personal data, regardless of where the data is stored. It can even include handwritten notes.

Websites are almost always affected, but by no means the only medium in which the GDPR has to be observed.

Pr

Usernames, IDs, email address, place of residence, IP addresses (mostly), health data - to name a few examples.

All data relating to a person are personal data.

Sy

This is about a Minecraft server, not about data that you put somewhere real. Please do not mix up anything here.

Pr

The OP's question is: "My question is, is this ID and username a person-related date?"

And that can only be answered with "yes".

Sy

No, it is not possible to determine a real person and their data. That would only be possible approximately via the IP, but also not specifically.

Pr

That would only be one of the next steps and it doesn't matter at first.

With a lot of personal data, a real person can't be found out directly - e.g. With an email address it is not always immediately clear which real person it is.

With your reasoning, a list of names and birthdays would not be a problem - but this is a hot topic among privacy advocates and lawyers.

Sy

I would suggest ending the topic here, as it no longer has anything to do with the Minecraft server of the questioner.