How do SMS/MMS/email/etc. handle this? Are you saying they would all become illegal? Or is this law going to uniquely place requirements on social media that other communication systems do not/would not comply with?
I’m not a lawyer, so take the following with a pinch of salt.
My GDPR compliance training said that data strictly necessary for the provision of a service is something a business can freely use to that end without explicit consent. This is why GitHub doesn’t show cookie popups: https://github.blog/2020-12-17-no-cookie-for-you/
So “User @Alice sent $message to user @Bob” is necessary for a chat platform, but “Notice to advertisers: User @Alice posts a lot about cars, cats, and funny shaped carrots” isn’t even though advertisers pay for the continued existence of the service.
I sincerely doubt that I understand enough about the topic to apply what little I’ve heard through the media about the Schrems judgements and the decision to invalidate the Privacy Shield framework and its predecessor to answer that.
My GDPR compliance training said that data strictly necessary for the provision of a service is something a business can freely use to that end without explicit consent. This is why GitHub doesn’t show cookie popups: https://github.blog/2020-12-17-no-cookie-for-you/
So “User @Alice sent $message to user @Bob” is necessary for a chat platform, but “Notice to advertisers: User @Alice posts a lot about cars, cats, and funny shaped carrots” isn’t even though advertisers pay for the continued existence of the service.