This is a GDPR violation. I hope the author already complained to the authorities. (Since there is a German phone number is used in the example, I assume that the authors is from Germany)
Because it’s not. The author of the post is mistaken. Doesn’t stop people from claiming “big bad Facebook caught yet again” though.
If you try to search someone’s phone number, Facebook will only indicate that there’s an account with that number with steps to recover (reset) your password. Nothing else.
Go ahead. Find some random number in your contact book and search it. If there’s an account, you’ll see the email is almost completely masked out and that there’s no name given. If it didn’t work, try another number.
Facebook does show you the name if you’ve previously logged into that account on that computer.
Basically, there’s no GDPR violation because there’s no PII to get. A phone number by itself is not PII as it is not “personally identifiable information”; you can’t link it back to the person.
I will not test this, as I don't want to give valid phone numbers to Facebook.
If what you are saying is true, then OK. I was making my statement under the assumption that Facebook would indeed show profile picture and name, which then would be a violation of GDPR confidentiality and consent principles.
