Well, a private message sent via Messenger is not personal data (PII), so is not covered by GDPR. This is a very simple concept that critics of GDPR seem to ignore or get wrong over and over again.
It’s not about protecting all data. It’s about protecting personal data.
No, you are misinterpreting what the law is saying. The purpose of the law is to protect from the collection of data points (height, age, political opinions, etc.) about individuals. Sure, a private message between two individuals can contain such information in a way that can be associated with a specific individual. If Facebook scanned all private messages for such data and stored it in unencrypted form, then yes, they would violate GDPR. But a simple text message between two individuals does not by default violate GDPR.
A very important aspect of GDPR is a consideration for the purpose of the processing of data. If your company is providing an international messaging service in order to harvest sensitive personal data from private messages, then yes that is very much illegal. But if the purpose is simply to provide a messaging service and you are taking the appropriate steps to secure the data of your users, then it is not illegal.
> your company is providing an international messaging service in order to harvest sensitive personal data from private messages, then yes that is very much illegal
The government hates competition. Only they should have the right to do that and force back doors on encryption standards…
If the message is really private (i.e. end-to-end encrypted) then Facebook can't see it, and if it can't see it, or process it in any way then the GDPR does not apply. And if Facebook does access the message and stores it on their servers in plaintext form then that's their (bad) choice, and they should be held responsible for it.
It’s not about protecting all data. It’s about protecting personal data.
https://gdpr.eu/eu-gdpr-personal-data/