Comment by eqvinox

Interesting view on Mastodon arguing this might even be a criminal act, not just civil liability: https://infosec.exchange/@isotopp/114664494157616670

> What Meta did wasn’t just a violation of GDPR. It involved bypassing built-in technical protections with the intent to extract and link data — potentially personally identifiable information (PII) — to users without their knowledge or consent.

> That is the textbook definition of unauthorized access and data exfiltration.