Re: And they have all those phonebooks nice data anyway....
<emThere are zero provisions in GDPR that prevent a data grabber from obtaining people's information from OTHER people</em>
Wrong. Unless they have another lawful basis for processing (which would not apply here), then the data processor MUST have the consent of the person to whom the information relates. It does not matter where they get that data, they must have the consent of that person.
So if another person uploads their contact list with my details in, the data processor (in this case, FaecesBorg) would be breaking the law to use it.
If that wasn't the case, then it would be really easy for everyone to use these "got it from someone else" techniques to sidestep the law. But GDPR is clear on this - if a data processor gets information from a 3rd person, they must be able to show that they have the necessary processes/controls in place to be sure that that 3rd party did legitimately obtain the data and the data subject gave their informed consent for it to be shared.
Biting the hand that feeds IT
