Fluid Attacks logo
Contact Us
Young hacker smiling
Zero false positives

Expert intelligence + effective automation

Contact logo Contact Us

REQ.313 Inform inability to identify users

This document contains the details of the security requirements related to the management and protection of data privacy in the organization. This requirement establishes the importance of informing the user of the system's inability to individually identify them, whenever it can be demonstrated.


The system must inform the users whenever it can demonstrate its inability to individually identify them using the information it has collected from them.


Systems usually request information from the users or collect it based on their interactions with the application. Some regulations related to the collection of personal data are only applicable if the user can be identified using this data. Whenever the system is unable to individually identify its users with the data it collects from them, and it can demonstrate it, it must inform them of this situation.


  1. GDPR. Art. 11: Processing which does not require identification.(2). Where the controller is able to demonstrate that it is not in a position to identify the data subject, the controller shall inform the data subject accordingly, if possible.

Service status - Terms of Use