clarkwinkelmann Could it be possible that the users kept the tab opened for so long that their session expired ?
That's a good possibility - I will check
clarkwinkelmann Regarding the bullet list issue, do you have an example of text that reproduces the error every time ?
Here you go
Not the owner, but the controller - this is data the user had access to, regardless of if they chose to look at it, and the app developer could see no more than the user could.
It is interesting to see how the situation would be if it happened now (In the GDPR world) to an EU citizen, in the scenario that FB still allowed this sort of access to be granted.
- The user would be ultimately responsible as the data controller
- FB would be jointly responsible as the data processor, but would have the defense that they believed they were following a lawful instruction from the data controller.
- The researcher would be using data for a reason not disclosed at the time it was gathered (gathered for research, but sold for market targeting purposes) so would be within the reach of the lead agency.
- CA would have no legitimate rights to the data given the point above, so would also be within the reach of the lead agency
In that case, I am pretty certain the ICO would go after the researcher and CA, and ignore the user; the user would of course be responsible themselves (because THEIR access did not implicitly grant them the right to sell that data for money) but it would be too much work for too little reward for the ICO, and of course they are victims here too. FB would refer the ICO to the users in the first instance, as it is hard to justify pursuing the data processor for actions they aren’t pursuing the data controller over.