I don't think fines about selling data can be enforced without explicit contracts about keeping data confidential. Such contracts don't exist for information Facebook gathers from your data, even if a lot of that data is indeed non-public.
In the case of privacy-endangering malpractice like unencrypted passwords, that is already happening through GDPR for example. It is also, however, affected by the contract the individual has with the company.
I don't think that social media interactions, especially on facebook, fall under that umbrella, in general. Private chats, maybe. But even there you know that friends may share the texts or get hacked, and the facebook system monitors such communication for certain things like child pornography, possibly resulting in Human operators reading your communication.
Much of what facebook does, and what we actually want it to do for us, is not possible with a reasonable expectation of privacy. If I put a photo on facebook, I know that the whole world has access.
In the case of privacy-endangering malpractice like unencrypted passwords, that is already happening through GDPR for example. It is also, however, affected by the contract the individual has with the company.
I don't think that social media interactions, especially on facebook, fall under that umbrella, in general. Private chats, maybe. But even there you know that friends may share the texts or get hacked, and the facebook system monitors such communication for certain things like child pornography, possibly resulting in Human operators reading your communication.
Much of what facebook does, and what we actually want it to do for us, is not possible with a reasonable expectation of privacy. If I put a photo on facebook, I know that the whole world has access.