by Sylos 3052 days ago
GDPR is reasonable. How Facebook handles user data is not.

I'm sure they'll mostly ignore the law at first, and if they get sued, they'll claim to have a legitimate interest [1], but that will be their strategy, because actually complying with the law voluntarily would likely cost them more.

And yes, especially Germany already had a very similar law in place, but Facebook did not actually need to keep to it most of the time, because they were operating from Ireland. GDPR does not care where you're operating from. The fines would have also not been much more than operational costs for Facebook (the highest fine placed in Germany for privacy violations so far is at 300,000€).

[1] section 1 f): https://gdpr-info.eu/art-6-gdpr/

1 comments

Ignoring the court order of which they were duly informed and which contains time to comply is a felony. Including a huge fine in this case, which will likely be calculated per German user. Think something closer to 30 M€.

With "ignore the law", I meant not (fully) implementing the requirements that the GDPR imposes. If a judge actually rules that they did not properly implement the GDPR requirements, then yeah, they will correct that.

But until someone sues them and that court case concludes, there's going to be a lot of time, in which they can probably make enough money by not properly implementing the GDPR requirements to easily recover however high that fine is in the end.