| The standard official Facebook response to this is that you do not own your "shadow profile" since it's a profile made out of data gathered from other people and companies, and thus they can not let you control it. In other words "it is not your data". I doubt that holds in court, but as mentioned in the article, there are people in the EU who for months have tried to get Facebook to provide the shadow profile data on GDPR grounds, and Facebook has yet to allow it. It seems like Facebook can afford to stall, they've got more knowledge and power than a single EU citizen can have, so I'm sure they know what they're doing. ---- To be honest, I think Facebook is in breach of _multiple_ GDPR articles _simultaneously_ here, which is quite a feat in itself. They're in breach of: - Privacy by Design (a.k.a. Privacy by Default) - Right to Access - Right to Be Forgotten (which is older than GDPR..?) - Data Portability Then again, Facebook is not alone. I'm pretty sure there are very, very few companies on the web that are not in breach of GDPR at least in spirit, if not in letter. |
There's a zero chance that holds in court. If it were possible to have a negative chance it would have a negative chance of holding in court.
Data protection does not in any way relate to "ownership" of data.
If the data are personal data then you are forbidden from processing that data unless you have one of seven lawful bases enumerated in the GDPR, and where the data are sensitive then those bases are reduced further.