[scarface74]

You didn’t answer the question . How do you have a global graph without sending data to every country where your friends are?

This is another example of clueless EU regulators creating laws with no understanding of the implications

[devjab]

> You didn’t answer the question . How do you have a global graph without sending data to every country where your friends are?

You do not, but that is not what the ruling is about. This ruling is about Meta using standard contracts (SCC) to achieve mass acceptance for personal data transfers of EU citizens out of the EU. Which you are not allowed to do with the GDPR. If Meta had obtained individual permissions from you on your various personal information, then it would not have been illegal for Meta to share your information globally.

This isn’t really about what you share on FB either, it’s about all the data that Meta applications gather about you (often without your knowledge) that they then send outside the EU with a very generalised permission that you probably auto-accepted when you signed up. It’s exactly because the EU regulators know that people auto-accept those general agreements without ever reading them that the law has been made to make such agreements non-GDPR-compliant. The reasoning is that you cannot sign away your rights without understanding what you are signing away, and if corporations don’t want to make sure you know what you are agreeing to then the corporations are in violations of EU law.

[JohnFen]

> How do you have a global graph without sending data to every country where your friends are?

Why is it important that this can be done? The "social graph" is for the benefit of the likes of Facebook. You already know who your friends are and how to talk with them. You don't need a third-party social graph for that.

[scarface_74]

So Facebook and no other social media platform should exist? Or are you saying that a messaging platform shouldn’t store messages between a user in the EU and a group of users in the US?

[tlamponi]

> How do you have a global graph without sending data to every country where your friends are?

On-Demand, i.e., if one of your friends actually visited your "node" (profile or whatever) and also by following the law for the country the data originates from, no need to store anything in the target country – i.e., like most of the internet already works (or worked), it's really not _that_ hard.

> This is another example of clueless EU regulators creating laws with no understanding of the implications

Meh, maybe some are clueless, but one sees also a lot head scratching and scapegoating from people that don't bother to even think on solutions or what the actual laws are about (i.e., are themselves clueless about the actual implications).

[scarface_74]

And what happens when I send a private message from the EU to someone in the US via Messenger?

[robertlagrant]

It needs to simultaneously accessible to UK law enforcement and not reachable from another country. Come on Meta, can't you solve that really easy one?

[ilyt]

bans UK

[tlamponi]

If you sent that, it's OK to have the data transferred, like I can already send a letter with a USB pen drive to a friend in America without anyone in the chain being liable for handling that, as long as they don't leak to third parties, i.e., anyone I did not choose to give my data.

As said, it's really not that hard.

[niho]

Well, a private message sent via Messenger is not personal data (PII), so is not covered by GDPR. This is a very simple concept that critics of GDPR seems to ignore or get wrong over and over again.

It’s not about protecting all data. It’s about protecting personal data.

https://gdpr.eu/eu-gdpr-personal-data/

[scarface_74]

How is a private message not personal data?

[SideburnsOfDoom]

There's literally a definition of PII at the link given above, which could tell you that. So stop asking stupid questions.

[scarface_74]

So yes you’re right my personal messages attached to my user name doesn’t relate to an identifiable person.

“which is any piece of information that relates to an identifiable person.”

[bjornsing]

The message is sent to the EU bureaucrats so they can scan it for X, where X is initially child porno but will surely expand. Your friend just sees a gray box with the text “Displaying this message would violate the GDPR.”

It’s the perfect user experience!

[waynesonfire]

GDPR states, "The storage limitation principles state that you should keep personal data for as long as the purpose is unfulfilled"

Seems like FB was storing a little bit more than just social graph and for a bit longer.