undefined | Better HN

Skip to content

Top Best Ask Show New Jobs

0 pointsmschuster916y ago0 comments

> If people are claiming that the SDK is still fetching despite adding that key, that could be breaking some compliance and consent laws...

It is still a violation of GDPR as I as the user never have the chance to consent (or not consent!) to any data transfer to Facebook. But as no one seems to be willing to go after FB... sigh.

0 comments

6 comments · 2 top-level

tpxl6y ago· 2 in thread

This is not a violation by Facebook, this is a violation by the app developer.

mschuster91OP6y ago

Technically yes, but it is as much also FB's fault for providing an SDK that cannot be used without violating the GDPR.

pilif6y ago

but that's the point: It can be. Just add that key to the plist file and the SDK won't initialize and won't do any requests by default.

This is absolutely on the app developers. Not knowing what an SDK you linked does or doesn't do doesn't absolve you from GDPR (or any law for that matter)

superrad6y ago· 2 in thread

Is it a violation of GDPR if the data is anonymized?

piva006y ago

Who is auditing if the data is anonymized?

mschuster91OP6y ago

It is, as FB will automatically get at least the IP address, date and time which is seen as PII under GDPR.

j / k navigate · click thread line to collapse