[throw20220707]

From GDPR point-of-view this kind of 3rd party data collection is not acceptable (assuming it covers personal information, for example names of people and what they have posted). The difference with Meta's own data collection is that the users have relationship with Meta and users have given their permission for Meta to handle the data. Users also know they can contact Meta and ask them to remove the data.

3rd parties don't have the consent from users. Users don't even have an idea these companies might be holding their data.

[Nextgrid]

From a GDPR point of view the scraper would be acting as a data processor on behalf of their customer, no different from using a cloud storage service for your contacts. It's fine as long as the third-party doesn't misuse the scraped data or share it with third-parties and there's no evidence they did so in this case.

[danuker]

> and there's no evidence they did so in this case.

Indeed; the users probably wanted to make the data public, if scraper accounts could see it. There is a GDPR allowance for data "manifestly made public by the data subject".

https://gdpr-info.eu/art-9-gdpr/

Here, it's just Facebook wanting to keep the data inside a walled garden.

For the same reason, I quit LinkedIn and made my own site. I don't want people to have to sign in to see my profile.