Which is exactly what has happened. GDPR (or any other piece of legislation, really) explicitly enumerates some of the situations.
E.g. Recital 47 on Overriding legitimate interest:
"The processing of personal data strictly necessary for the purposes of preventing fraud also constitutes a legitimate interest of the data controller concerned. The processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest."
I.e. Facebook is entitled to use your data for their own direct marketing (e.g. sending you leaflets, sale offers or telemarketing) to you according to this. We can guess how did this provision get there (likely the lobbying has been fierce).
Or Article 22 on automated processing/profiling:
"The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her."
A lot of people make all sorts of comments on GDPR (and other regulation) but it is unfortunate that very few have actually *read* what they are commenting on.
E.g. Recital 47 on Overriding legitimate interest:
"The processing of personal data strictly necessary for the purposes of preventing fraud also constitutes a legitimate interest of the data controller concerned. The processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest."
I.e. Facebook is entitled to use your data for their own direct marketing (e.g. sending you leaflets, sale offers or telemarketing) to you according to this. We can guess how did this provision get there (likely the lobbying has been fierce).
Or Article 22 on automated processing/profiling:
"The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her."
Full text of the directive is here: https://gdpr.eu/article-1-subject-matter-and-objectives-over...
A lot of people make all sorts of comments on GDPR (and other regulation) but it is unfortunate that very few have actually *read* what they are commenting on.