I'm not entirely sure GDPR covers, or intends to cover, hiring a private investigator. A PI who is likely to use a great deal of other avenues than cracking a hashed database for a Steam ID. (your browser, OS, font choices . . . none of these even remotely pinpoint your physical location. Or even your digital one) That's what I mean when I say this doesn't contravene GDPR. This doesn't mean the personal issue of data privacy is voided - everyone has their own standards. I mean GDPR is not the door to be knocking on here, and yet unfortunately it's just another initialism people are going to throw out on the Web to make some vague threat of legal action. The amount of companies that flat out shut down their sites for anyone living in the EU indicate that this is a law not to be trifled with. Nobody with any sense, for any amount of money, is going to be anywhere near contravening it. That should hopefully cover that angle from me.