[mziel]

I don't see how shadow profiles can be justified under GDPR and ePrivacy. If have identifiable information (just "some" ID will do, but also IP and various other fingerprints) then you need to allow for deletion/takeout/opt-out. Current strategy of implied consent ("if you're on this site you agree") is strictly not allowed.

[e12e]

It's not. Well, as long as the GDPR applies. So, if we assume there are a 5 billion profiles on fb (2 billion actual users, and everyone else that use the Web at least occasionally - I'm not sure if 5 billion total is a bit high) - compliance with GDPR would render some 100s million high value profiles illegal. Applying the GDPR to the remaining profiles would require an entirely new business model for Facebook.