[mschuster91]

> If people are claiming that the SDK is still fetching despite adding that key, that could be breaking some compliance and consent laws...

It is still a violation of GDPR as I as the user never have the chance to consent (or not consent!) to any data transfer to Facebook. But as no one seems to be willing to go after FB... sigh.

[tpxl]

This is not a violation by Facebook, this is a violation by the app developer.

[mschuster91]

Technically yes, but it is as much also FB's fault for providing an SDK that cannot be used without violating the GDPR.

[pilif]

but that's the point: It can be. Just add that key to the plist file and the SDK won't initialize and won't do any requests by default.

This is absolutely on the app developers. Not knowing what an SDK you linked does or doesn't do doesn't absolve you from GDPR (or any law for that matter)

[superrad]

Is it a violation of GDPR if the data is anonymized?

[piva00]

Who is auditing if the data is anonymized?

[mschuster91]

It is, as FB will automatically get at least the IP address, date and time which is seen as PII under GDPR.