It never sends... and many ask why the GDPR & other privacy protections are necessary.

The thing is, with GDPR or anything else, it wouldn't have prevent it to happen. A bug is a bug, it happens. Even if you risk a big fine, "I assume", that Facebook engineers / developers / coders / debuggers are giving their best.

If the GDPR was in affect at that time & if FB was in compliance, FB would not have collected PII without explicit permission from the user and if granted, that sensitive data would have been stored securely or FB would have faced extreme penalties.

Secure is not a negotiable term. Either something is secure or it isn't.

In the above case of FB's "bug" the data was not stored securely and it seems the PII & other user sensitive information was not collected with consent.

You are confusing stories. In this one, when people were posting a message, they were able to select if the message was private or public. By default, it "used" to be "private", but because of the bug, this was the public option selected by default, and people didn't pay attention when posting. In this case, this is not a matter of illegal collecting of data without permission. It's a bug, which set the default option to "public", and the fact that people are doing things without looking at what is written (and so not choosing the right option).

I read the story. My comment remains the same.

it seems the PII & other user sensitive information was not collected with consent

According to the press reports, all the information was collected with consent.

Furthermore, it was intended for publication (albeit with more limited circulation).

The issue arose from a bug affecting Facebook’s “audience selector” tool, which allows users to decide whether to publish a post only to their friends or to a broader audience. The tool usually remains on the setting that was used most recently so that a user who only wants to share posts with friends does not have to keep selecting that option. But while the bug was active, from 18 May to 27 May, the setting was automatically changed to public.

Jonathan Albright, the research director at the Tow Center for Digital Journalism at Columbia University, has argued that Facebook’s audience tools, which it often touts as giving user’s control over their privacy, should instead be deemed “publicity settings”, because they only affect the audience of information that a user chooses to publish.

Source: [theguardian.com...]

...

My comments apply to a broader sense, well beyond each individual reported story. FB has been caught sharing, selling and distributing user PII for several years now. Everytime they get caught, they excuse it as being a bug, or that the app owner was warned not to share data. All this is BS. It is FB that is accountable.

It is FB that is accountable

Absolutely.

Like everyone else, they are accountable for what they actually do and say.

And in this case they have accepted responsibility, corrected their error, and apologised.

They would have looked pretty foolish if they had tried to wriggle out of it.

...

And the hits keep coming! Kismet.

I read the story. My comment remains the same.

My comments apply to a broader sense

You should have mention it right away, instead of claiming that your comment was about this story. When you comment about shoes, when a story is about blue and red shoes, you should state it, otherwise it turns fake news.

You should have mention it right away, instead of claiming that your comment was about this story.

Monster posters have a zillion threads running through their minds at any given time and sometimes things get jumbled. Easy to do.

...instead of claiming that your comment was about this story

I claimed nothing of the sort. Relax.

In the above case of FB's "bug"

As above, so below.

Facebook does seem to have an idiosyncratic approach to the English language.

Sometimes they say "public" when they mean "Facebook members only".

No wonder people get confused.

...