I cannot believe IAB Europe is still referring to 'personally-identifiable information' in its "Guide to the Post Third-Party Cookie Era". This concept just doesn't exist under the GDPR, and what they call an 'anonymous UUID' is in fact a pseudonymous ID.
https://iabeurope.eu/knowledge-hub/iab-europe-guide-to-the-post-third-party-cookie-era/

IAB Europe states the guide should "prepare brands, agencies, publishers and tech intermediaries" and I'd say this is clearly misinformation.

Other recommendations are questionable, at least. No, email/phone-based IDs are not 'very likely to replace' cookie IDs. Won't happen.

No, marketers won't replace cookie IDs with location data 'as part of a holistic strategy'. Location is highly sensitive, and thus high risk with regards to compliance.

They also won't increasingly turn to mobile advertising IDs which are also risky (and in any case not on iOS).

What I like is that they clearly refer to the linkability of personal IDs.

FB custom audiences = 'direct integration and activation of email addresses'

'map ...email addresses to digital identifiers'
'connecting email addresses to digital identifiers'
'people-based identifiers'

"While most … listed universal IDs would normally be written to the page as third-party cookies, the fact that Prebid has domain level access to the page means that it is able to set a first-party cookie"

Put those on the todo list for GDPR complaints, DPAs, browser vendors

Btw. While I'm not expecting much from most contributors to this guide, which aims to further sustain today's broken and exploitative surveillance advertising ecosystem against consumer expectations and the law, it's a shame that a public broadcaster, the BBC, takes part in this.

I wonder why Google, whose 'ads data hub' is prominently featured in the guide, is not listed as a contributor

In case you didn't hear it from me, both Google's extensive centralized personal data business and the wild west of distributed personal data business must end.