>Data you put on social media is basically public. It may not be easily discoverable by the public at large, but that lack of discoverability is not a perpetual guarantee at all.
That's an individuals own risk, and not the same as whether Facebook should treat them as private, and don't sell them, expose them, etc.
Sure, I should be cautious of what I say in social media, because e.g. the other side could leak it, the servers could be hacked and the contents exposed, etc.
The same holds for my snail mail or what I type in my laptop. But I still expect those to be kept private (and even more importantly, want them to be kept so, and want the law to enforce that).
Just because there's no "perpetual guarantee" doesn't mean there shouldn't be company closing fines for selling your data, or showing negligence in making them private (e.g. unencrypted passwords come to mind) etc.
I don't think fines about selling data can be enforced without explicit contracts about keeping data confidential. Such contracts don't exist for information Facebook gathers from your data, even if a lot of that data is indeed non-public.
In the case of privacy-endangering malpractice like unencrypted passwords, that is already happening through GDPR for example. It is also, however, affected by the contract the individual has with the company.
I don't think that social media interactions, especially on facebook, fall under that umbrella, in general. Private chats, maybe. But even there you know that friends may share the texts or get hacked, and the facebook system monitors such communication for certain things like child pornography, possibly resulting in Human operators reading your communication.
Much of what facebook does, and what we actually want it to do for us, is not possible with a reasonable expectation of privacy. If I put a photo on facebook, I know that the whole world has access.
That's an individuals own risk, and not the same as whether Facebook should treat them as private, and don't sell them, expose them, etc.
Sure, I should be cautious of what I say in social media, because e.g. the other side could leak it, the servers could be hacked and the contents exposed, etc.
The same holds for my snail mail or what I type in my laptop. But I still expect those to be kept private (and even more importantly, want them to be kept so, and want the law to enforce that).
Just because there's no "perpetual guarantee" doesn't mean there shouldn't be company closing fines for selling your data, or showing negligence in making them private (e.g. unencrypted passwords come to mind) etc.