[BrandoElFollito]

I am not sure this is illegal in France. The fact that you share someone's contact means that you checked with them that this is ok. It is your (the one who shares) duty to do the check.

So it may not fall into the unsolicited mail clause.

This is of course independent on the fact that this is a despicable practice.

[marsokod]

When you collect contacts, shouldn't you state the purpose of the communication? If so, I would assume most of the contacts in the address book never consented to being contacted about the non-payment of the bill. So European citizens can't use the app legally.

[BrandoElFollito]

Yes, but you can always get back to them and ask for permission.

The point I am trying to make is that the person who is sharing the information takes the responsibility, not the application (which uses it as advertized, at least according to the quotes here as I did not read the tos myself).

[Pedrit0]

I am almost sure (I must admit I am a bit too lazy to search more deeply :-) ) that the new European regulation about data privacy makes it impossible. I have a cousin who his lawyer. I ll ask him tomorrow and get back here to tell you (just for curiosity... this is an interesting question)

[BrandoElFollito]

Thank you, I would be very interested. I will also ask our DPO when back from "vacation".

I mildly participated in the preparations for GDPR in my (large) company and the sharing of third party personal data was one of the points. It was a few years back so my memory may be at fault here.

[Pedrit0]

T'es Français ?

[BrandoElFollito]

Oué :)

[Pedrit0]

Moi aussi j'ai bossé sur la RGPD pour mon ancienne boite (grosse boite industrielle) et j'ai cru mourir :-) Je suis manager dans l'IT. Le gros moment de solitude quand tu réalises qu'au niveau de tes outils, produits, méthodes, voire même de tes objectifs, rien n'est GDPR-compliant, ni de près ni de loin... ^^

[JeanMarcS]

Something sure is that when they (OP app) starts sending mail or SMS to user contact to shame him/her, it will definitely be unsolicited mail/sms.

Imagine you have a friend in debt and start receiving such notices ? They’re collecting private information on you (your name, your phone number or your email) without your consent.

IANAL but I’m pretty confident it falls under GDPR.

(Sans parler du fait que les mecs qui font ça sont quand même une belle bande d’enfoirés)

[BrandoElFollito]

Except if the app user went to their contacts to ask them for authorization, as they should do under EU law.

If they do not, they are to blame because they willingly shared the contacts. The app used them per their tos.

(et oui, je suis d'accord que c'est un vrai dick move, aparamment c'est une pratique courante en Inde pour ce genre d'apps)