Wait, so you're saying it allows anyone to store and publish the personal information of Europeans? Without doing anything like have some way for people to contact you and request what information you have on them?
Which would also likely be perfectly legal under GDPR, assuming the phone number was given freely to you, we can reasonably assume informed consent.
As it's really hard to use a phone number for anything else than phoning someone, we can also reasonably say that the data is only used under the originally stated purposes.
And then the phone number is not shared with the public, but stored at a secure location (fridge) having organizational (family rules) and technical (locked doors, windows) policies in place to secure the information.
Given the required security level for a __single__ phone number I would say this would be a reasonable level of caution.
> Which would also likely be perfectly legal under GDPR, assuming the phone number was given freely to you, we can reasonably assume informed consent.
So what happens if you got the phone number from your friend's sister? Or off of caller ID?
> As it's really hard to use a phone number for anything else than phoning someone, we can also reasonably say that the data is only used under the originally stated purposes.
There are lots of things you can do with a phone number other than phoning someone. There are services that effectively use phone numbers as usernames, you could give it to them to see if your friend is on that service. When your new girlfriend asks who this number on the caller ID is you can tell them who it is (disclosing it to them). You could store it on your computer which gets backed up to some random cloud service in the US. That's all common human behavior.
> And then the phone number is not shared with the public, but stored at a secure location (fridge) having organizational (family rules) and technical (locked doors, windows) policies in place to secure the information.
The scenario is that it's also being posted to a public blog.
> Given the required security level for a __single__ phone number I would say this would be a reasonable level of caution.
Is it more common for a person to know a __single__ phone number, or have an address book full of them?
You're looking for the case where by coincidence it happens to not be a violation. Even if you find it, that doesn't help anything if accidental violations remain widespread.
Then what does it actually do?