Facebook has been known to break the law and stall the release of all data they hold about your person. People often get an incomplete set of documents, and are ghosted when they insist on receiving the missing data categories.
Like most scummy companies, they bet that you don't have the funds / care enough to sue them.
For example EBay sent an email to me (IP/DMARK/DKIM verified) that they had received the payment and were holding it for 'security reasons' and my account would be penalised if not shipped on time. A week later they sent an email saying that they have suspended the buyer for fraud and that I should contact the shipping company to have the item returned (was already delivered at that time). When contacting them (after 50 bot replies) they just denied sending anything (and that their signatures were spoofed), removed any info of the auction from my account, said their TOS exempts them from any damages, and told me not to contact them again.
Not going through a drawn out lawsuit over $150 where my only proof is crypto signatures as all info on my account was wiped..
Tangentially, I used DKIM signatures as proof (of them unilaterally canceling my order) in my charge back against Harbor Freight and either they just roll over on all chargebacks or it was enough proof to make them.
For a legit company that would be enough to at the very least call the tech department and investigate if the servers have been hacked. Given that their immediate response was to erase all info about the auction ever existing; they knew what was going on..
Facebook claims that the data they have on people cannot be understood by the average person, and because the GDPR requirements state that data needs to be given in an easily understood format, giving this data would violate the law. So they refuse to give it.
This was after months of simply ignoring the requests.
And the GDPR archive is... funny. They're so hellbent on never ever letting anyone export their social graph in a usable format. So, if you request your friend list through the GDPR export tool, what do you think you get?
Names of your friends and timestamps of when you added them. That's all. This is just so ridiculously useless for anything but compliance.
Besides that, there are no user/group/post/whatever IDs anywhere. Everyone and everything is referred to by names and names only. It's hilarious.
There was a negative connotation associated with the FB brand, which caused people to leave, so they rebranded and it's like they have a clean slate. [1] They now seem to be on a hiring spree again to get more people to build a bigger surveillance empire using heavy stock comp. Stock growth is dependent on their ability to keep the masses pacified while hoarding more data and targeting better.
From the Facebook SDK that is embedded on nearly every app that's constantly phoning home, to the largest social media apps, they hoard so much data. If GDPR doesn't unfaze them, I don't know what regulation will.
