by privacylawthrow 2000 days ago
Consent is not, and has never been, the only legal means by which personal data can be processed. When the article says:

>This would mean that the company does not have to give users a free choice and obtain a separate and unambiguous consent.

it neglects to mention that using Facebook and entering into a contract with Facebook is optional.

3 comments

Facebook has a history of creating "shadow profiles" which are not exactly optional or transparent to the user.
Of people who also haven't signed their terms of service.
The so-called "Facebook pixel" allows web service owners to tell FB about all the people interacting with their service. Next to page impressions and interaction events, it allows sending the customers' personal data (name, address, phone number, email and gender) to FB, so the interaction can be matched to a profile. Cookies, IP address and browser metadata are always sent due to the loading of code from FB servers. Ad blockers kill that ridiculous violation of consumer rights.

However, a good number of online services with user registration integrate some identity resolution provider that sends all customer data to FB, among others, on the backend in exchange for a link to the profile, if it exists, reasoning that automated stalking increases the performance of their sales/support agents.

Even if not integrated directly, many use some CRM/CSM/lead/sales/support/stuff-tooling that gets a copy of all their customers' personal data and then shares it with services they integrate in bulk. Registering for one service can thus create many "shadow profiles" with other companies the consumer never directly interacts with.

The consumer-facing corporations are required to disclose such third parties in their privacy policies (and should strive to make such data sharing configurable by opt-in -> see consent), but often skimp on the data protection impact assessment, at most disclose why they share with some other company but not what actually happens with the data, and prefer to tell lies about how much they value privacy, while they don't actually care who gets a copy of their customers' personal data as long as they don't have to pay for sharing it.

So if you regularly register with some fancy new service, then there is a non-zero chance that FB has a "shadow profile" about you even if you don't have a FB account. Same goes for Salesforce, Google, Adobe and other players in the big data business.

Now in EU-vs-FB the megacorp stated they are not keeping data on non-FB users because they are getting so much data about registered users, who are the people they are getting paid to show targeted content to by their customers, that they really don't care about people who are not on their platform. And since it would be illegal to profile them, they are especially not doing that. Rumors are this is a lie and FB is keeping huge data swamps, but I have seen no proof: so far there is a certain lack of whistleblowers.

> using Facebook and entering into a contract with Facebook is optional

It just doesn't work this way (please search for implications below, it was nuked during the USA daylight by people who think that lowering the visibility will make GDPR go away):

EDPS Opinion 4/2017 on the Proposal for a Directive on certain aspects concerning contracts for the supply of digital content, 14 March 2017, p. 7.

"There might well be a market for personal data, just like there is, tragically, a market for live human organs, but that does not mean that we can or should give the market the blessing of legislation. One cannot monetize and subject a fundamental right to a simple commercial transaction, even if it is the individual concerned by the data who is a party to the transaction."

Bottom line, you can't discriminate who can use the service based on giving you allowance to use personal data; if it is free for people who give you consent, then it must also be free for people who don't give you the consent.

> it neglects to mention that using Facebook and entering into a contract with Facebook is optional.

In theory, not always in reality.

This is true.

I talked with a fellow electrician friend of mine: At his job they're organising their on-call rotation via Facebook. I was horrified. Refusal to use Facebook in this situation would be very difficult. I very much suspect this situation is not unique.