Yet, the GDPR states that private information should only be requested to provide a service that requires it and with “No strings attached”. My understanding (IANAL) was that the GDPR explicitly forbids asking for private information to pay for a service.
Sure, and Facebook's last two attempts were equally not particularly GDPR compliant. It's clear that "Questionably GDPR compliant" is not enough to stop Facebook attempting a scheme.
