Twilio has updated its API documentation to include new annotations that clarify what personally identifiable information (PII) fields are and how they should be handled for GDPR compliance. The annotations provide guidance on data storage, retention, and protection, and explain why certain fields are considered PII while others are not. For example, Twilio SIDs are marked as "not PII" because they don't require technical protection or redaction, while phone numbers may be treated as PII if used to identify end-users. The goal is to empower developers to make informed choices about how to manage customer data and ensure GDPR compliance in their applications.