[xanipher]

>Should Facebook provide this without redaction of the recipients' identities? I'd say no, providing this data without that redaction is a violation of the recipients' privacy.

How is it a violation of privacy to tell a user with which other users they have communicated in the past?

[manfredo]

Do you want your Facebook usage published because any one of the hundreds (thousands?) of the people you interacted with requested their data under GDPR?

It's not just telling the user. Once they info is published said user can turn around and tell it to the rest of the world. Some people have already published their requested data, it seems unlikely that people publishing said data face consequences.

Sure, nothing is stopping people from scrolling through chat logs screenshotting them. But that's difficult to do at scale, so there's de-facto limits on how much info can leak this way. Also consider the situation in which you unfriend someone, thus preventing them from seeing past chat logs - I think, I haven't used Facebook in a long time. If that person does a GDPR request should the company deliver data that the user is otherwise prohibited from viewing? If GDPR does mandate this it seems like a legally-mandated side channel attack.