[malvosenior]

Just a semantic nit pick on PII (personally identifiable information)...

Name is PII, location at a high enough resolution is PII. The rest are metadata about an individual but not PII. Knowing someone is a straight male doesn't tell you enough to identify a person.

This is relevant because GDPR (and other things) special case PII.

[keketi]

Thank you for the correction.

Also absent from the discourse is how much Facebook uses inferences from behavioral data in building user profiles.

For example, let's say that I have not told Facebook my sexual orientation. Do they attempt to infer that missing information from what content I view, for how long and how frequently? Is such data shared with 3rd parties? Is it used in ad targeting?

[malvosenior]

That would be interesting to know.

I'm probably in the extreme minority but I don't see anything wrong with them selling data that people voluntarily give them (no one is forced to use FB -- I assume they'll be monetizing 100% of the information I give them), but I would see an ethical issue with selling access to individuals based on inferred data; to the person buying it that is. If I want to advertise to 25 year old straight females, I'd want that profile to be built on data that was actually given to FB and not on "we kinda think this person matches that profile but we're going to tell you you're 100% reaching this demographic".

I don't know enough about FB's ad model to know whether they're doing this type of false advertising of their own product though.