No, you are misinterpreting what the law is saying. The purpose of the law is to protect from the collection of data points (height, age, political opinions, etc.) about individuals. Sure, a private message between two individuals can contain such information in a way that can be associated with a specific individual. If Facebook would scan all private messages for such data and store it in unencrypted form, then yes, they would violate GDPR. But a simple text message between two individuals does not by default violate GDPR.

A very important aspect of GDPR is a consideration for the purpose of the processing of data. If your company is providing an international messaging service in order to harvest sensitive personal data from private messages, then yes that is very much illegal. But if the purpose is simply to provide a messaging service and you are taking the appropriate steps to secure the data of your users, then it is not illegal.

> your company is providing an international messaging service in order to harvest sensitive personal data from private messages, then yes that is very much illegal

The government hates competition. Only they should have the right to do that and force back doors on encryption standards…

If the message is really private (i.e. end-to-end encrypted) then Facebook can't see it , and if it can't see it, or process it in any way then the GDPR does not apply. And if Facebook does access the message and stores it on their servers in plaintext form then that's their (bad) choice, and they should be held responsible for it.

So now we agree that asking about private messages is not a “stupid” question?

And then if they do e2e encryption where the EU can’t get to it, that runs afoul of another proposed EU regulation.

https://www.politico.eu/article/eu-commission-violation-priv...