When a new user account is created in Jira, the user key (used as an immutable foreign key in the database) is the same as username, lowercased. For example, user Admin will get a user key admin. If there’s a naming conflict, the user key will be set to a value like ID10100.
This is problematic, because usernames are often based on full names. As a result, user keys contain personal information that is later scattered throughout the entire database, making GDPR compliance harder.
User keys in Jira do not contain any personal information, but are somewhat random.