[cnorthwood]

Facebook managed to get some off-Facebook activity from me even using this. The site in question was also loaded in a Private Browsing window and Facebook claimed it was from pixel tracking. I'm guessing they've inferred it based on IP, especially as I live by myself.

How this is legal under GDPR, given I'm a UK citizen, I'm really not sure.

[josephg]

Is the GDPR still in effect in the UK, now you've left the EU?

[kachnuv_ocasek]

Yes. It’s not like all the EU laws the UK had adopted before Brexit suddenly went out the window overnight.

[datenhorst]

Not necessarily true, since regulations are EU law that is immediately enforceable in member states, and are not generally transposed into state law.

[mamon]

I guess it depends on the country. In Poland my experience is that every time EU passes some regulation Polish parliament passes the corresponding bill implementing it. So even if we left EU tomorrow those bills will still be in effect.

Also, I'm not sure about this "immediately enforceable" part - I recall some cases where member states delayed implementing EU laws for years, sometimes ending up being sued to European Court of Justice.

[codethief]

> I guess it depends on the country.

AFAIK it works pretty much the same in all countries and only depends on whether it's an EU regulation[0] or an EU directive[1].

[0]: https://en.wikipedia.org/wiki/Regulation_(European_Union)

[1]: https://en.wikipedia.org/wiki/Directive_(European_Union)

[diroussel]

EU Regulations and Decisions directly affect member states. Whereas EU Directives require member states to enact new laws.

As the GDPR is a regulation, it directly applied to member states.

When the UK left the EU they made a paralled law

> The GDPR has been incorporated into UK data protection law as the UK GDPR see: https://ico.org.uk/for-organisations/dp-at-the-end-of-the-tr...

[prima-facie]

Yes, the UK has the DPA-2018 legislation which basically implements GDPR in the UK. [1] Its application is supervised by the ICO. Subject Access Request can be issued to pretty much any public institution / company [2]

"You have the right to find out if an organisation is using or storing your personal data. This is called the right of access. You exercise this right by asking for a copy of the data, which is commonly known as making a 'subject access request"

[1] https://en.wikipedia.org/wiki/Data_Protection_Act_2018

[2] https://ico.org.uk/your-data-matters/your-right-to-get-copie...

[datenhorst]

GDPR directly doesn't apply to the UK anymore (except for organisations that handle data of EU citizen, of course) but the UK chose to enact the GDPR into UK law via the Data Protection Law of 2018, which is aptly dubbed "UK GDPR".