It’s quite a good and shocking article, and I recommend the read, however I’m guessing there are some few people like me who didn’t know all the acronyms in the title.

NOYB (None of Your Business) is a European non-profit organization that focuses on enforcing privacy rights and data protection laws, particularly the General Data Protection Regulation (GDPR). It was founded in 2018 by privacy activist Max Schrems, who is known for his successful legal actions against major tech companies for privacy violations. NOYB aims to ensure that companies comply with data protection regulations by filing strategic complaints and legal actions. The organization seeks to empower individuals by protecting their personal data and advocating for stronger privacy rights.

A Data Protection Authority (DPA) is an independent public authority responsible for overseeing the application of data protection laws, such as the General Data Protection Regulation (GDPR) in the European Union. DPAs are tasked with safeguarding individuals’ privacy rights and ensuring that organizations comply with data protection regulations. Their roles include:

1. Monitoring Compliance: Ensuring that data processing activities adhere to data protection laws.
2. Investigating Complaints: Addressing complaints from individuals regarding their data protection rights.
3. Providing Guidance: Offering advice and guidelines to organizations and individuals on data protection issues.
4. Enforcing Laws: Imposing penalties and sanctions on entities that violate data protection regulations.
5. Raising Awareness: Educating the public about their data protection rights and responsibilities.

DPAs operate within each EU member state, and they cooperate with each other to ensure a consistent application of data protection laws across the EU.

**Irish DPC is complicit (again). **According to reports, this blatant breach of the GDPR is (again) based on a “deal” with the Irish Data Protection Commission (the DPC is Meta’s EU regulator). The DPC has previously had a deal with Meta that allowed the company to circumvent the GDPR – and ended with a € 395 million fine against Meta after the European Data Protection Board (EDPB) overruled the Irish DPC.

Meta has previously said that it is technically unable to distinguish between data from users in the EU/EEA and other countries where people don’t enjoy GDPR protection. Meta has also said that it cannot distinguish between sensitive data under Article 9 GDPR, such as ethnicity, political opinions, religious beliefs (for which the “legitimate interest” argument is not available under the law), and other data for which a “legitimate interest” could theoretically be claimed.

If cannot distinguish, default should to treat all data sensitive. That not in gdpr? If not that huge oversight.

And fucking fine them to infinity for it. Why would they not do something like this again if all they have to do is say “my bad bro”.

This kind of shit is why I keep telling people to thoroughly divest in every way from Meta. They’re just going to keep doing shit like this.

GDPR has never stoped them breaking laws. Fines are the cost of doing business. When we give anti-libre software our data, it’s game over.