[woodpanel]

"In May, researchers say Facebook asked to meet with the project leaders and accused them of violating the platform’s terms of service. Another objection was that the project violated the GDPR, since it collected data from users who had not consented to participate."

Aww, GDPR keeps on giving – to those who can afford the legal manhours. Thank you, Jan Philipp Albrecht. You've ruined the internet.

[sdoering]

It is quite an interesting question if this was in fact a GDPR question.

You have a user of an electronic tool providing (potentially per definition of the GDPR) PII data to a third party without the consent of the people the data is about.

This coming from FB. The company how massively nudges people to share their whole phone books when installing any one of their apps.

So can we expect FB to stop this practice as it is structurally comparable?

[amcoastal]

Lmfao, sure, if you take Facebooks arguments at face value even though they are obviously wrong. But hey, who cares if the argument is true if its a launching point for a moronic personal grievance to be aired.

[phatfish]

On the criteria of "legal manhours" the internet was ruined by Facebook/Google et al long before the GDPR was around. Plenty of other options for their lawyers to abuse.

[estaseuropano]

Any sufficiently powerful law will be abused. I don't think any internet was ruined by GDPR.

[southerntofu]

Not exactly ruined, but it introduces a lot of problems. First, because it's a very WEAK privacy protection regulation, where explicit concern is only one of the six criteria you can use to legally collect personal information.

Second, because some of those other criteria are absurd: legitimate interest, really? What does that even mean? And let's not even get started on legal requests for interception of personal data.

Third, because it gives people a false sense of security while pretending their privacy is being respected. But GDPR is in fact much weaker than some previous privacy regulations, including French "Informatique et Libertés" law from 1978. GDPR is a huge regression for privacy online: a huge regression because most privacy invasion that was illegal in French law (and others) is now perfectly legal, and because in terms of UX we now have "consent" popups everywhere, destroying the very concept of consent* and forcing everyone and anyone to use JavaScript to use websites (JavaScript being the enemy of security and privacy on the web).

EDIT: Why do you think those regulations passed without even strong debate/opposition? In the rare case regulators want to make a good consumer protection regulation, there is systematically strong opposition from the lobbies, and the law is usually taken down or rendered meaningless. The "rendered meaningless" part didn't even have to take place with GDPR because the law was insignificant to begin with.

* Explicit user consent is slowly starting to be interpreted as in sexual consent, i.e. you can refuse without negative consequences. But even that basic interpretation is taken time to become unanimous.