by geocar 1822 days ago
> With gdpr, you can at least download all the data they have collected about you.

I don’t believe this is correct: They may only have to provide data they “control” (in the GDPR-sense of the word; see Art.15,3).

If they merely downloaded it for processing into market segments or even just generated high-value marketing segments directly on the device, they would only have to and be able to give you the list of those segments, and maybe explain broadly that they learned this from “on-line activity”.

If they do exfiltrate everything, they could hold this data for “legitimate interests” such as for lawful intercept, fraud detection, or disaster recovery. If it is not a “normal” business practice to access[1] it, they may not be required to reveal that they have it.

Note I am not verifying that Facebook does these things, only what my understanding of their obligations is under the GDPR. This does not constitute legal advice, I am not your lawyer, and so on.

[1]: FB’s normal business is selling ads and they don’t typically let ad sales or traffickers access this raw data directly.

1 comments

Indeed. This concept is sadly too often misunderstood. Many users feel they get everything when they ask for their data, but these data sets are usually restricted in two ways:

1. You only get the data you provided to the service, not the data they derived from your use of the service. Incidentally, this second data set can be just as critical when shared with third parties.

2. You only get the data they kept about you, not the data that resulted from the various transfers to their partner companies and which was thereafter correlated with other databases.

These two sets of data are about the user, but the user never gets to see them, unless they are explicitly requested from the partner companies.

Thanks, Trojan horse GDPR.