Apply the counterfactual: what would have to be the case in order to correlate the UUID in question with user data?
We do not store anything else that could correlate with that UUID. We don't expose it to anybody else and it's unclear how, even if we did, it would result in personal correlation.
You can argue against this, but it's simply how the GDPR defines personal data, and if you violate it, someone could report you to their data protection authority.
Secondly, the GDPR does not just do this to protect citizens against direct use of their personal data (I think most Homebrew users would be immediately convinced that you wouldn't misuse this data, including me), but also scenarios that are outside of your control. Such as: Google decides to violate the GDPR against your will and correlates the data. Or: Google Analytics gets hacked, the data set becomes available on the black market or wherever and people correlate the data with other leaked data.
We do not store anything else that could correlate with that UUID. We don't expose it to anybody else and it's unclear how, even if we did, it would result in personal correlation.
You can argue against this, but it's simply how the GDPR defines personal data, and if you violate it, someone could report you to their data protection authority.
Secondly, the GDPR does not just do this to protect citizens against direct use of their personal data (I think most Homebrew users would be immediately convinced that you wouldn't misuse this data, including me), but also scenarios that are outside of your control. Such as: Google decides to violate the GDPR against your will and correlates the data. Or: Google Analytics gets hacked, the data set becomes available on the black market or wherever and people correlate the data with other leaked data.