Under the GDPR the definition of PII is “any piece of information that relates to an identifiable person/individual” meaning that yes, deleted tweets are not PII, but only if the post cannot be linked to the poster, as otherwise it would be PII according to the GDPR. This can also be backed up by the Nowak v Data Protection Commissioner case, which ruled that while exam results, which is not PII, would still be still considered PII if it can be linked to the exam candidate. Content published online would also be covered by the GDPR given that it still falls under that definition.
1 Like