
Isn't consent by default illegal under the GDPR?


As I understand it, the GDPR is primarily concerned with users' privacy. You can't have an opt-out if you want to sell data about the user - like name, email, browsing history, and that kind of stuff.

Data created by the user - such as a YouTube video, HN comment, or whatever you want to call Figma - is probably still a wild west. That's more about intellectual property than privacy. The ToS of pretty much every single platform has included a mandatory licensing clause for ages, giving them the rights to do pretty much everything they want to.


> That's more about intellectual property than privacy

It is a very important point and anybody who is working on something more innovative than a few mockups for their next SaaS app is fuming from their ears.

Just to illustrate, let's consider a scenario where we have a team of scientists working for a long period of time on a data structure which they have visualised in their Figma project.

Now let's say they forgot to turn the toggle off. In an instant all of their intellectual property earned through years of blood, sweat and tears is integrated into Figma's LLM. Just like that and without any attribution!!!


The problem is data created by the user can easily contain personal data.


Yes it is, to the extent consent rather than legitimate interest is the legal basis or even under legitimate interest if the data meets the GDPR definition of sensitive. I suspect legitimate interest as the legal basis here would be legally invalid in this case, but it would not at all surprise me if Figma were to try to get away with that argument.

The GDPR is not actively enforced enough for compliance to be as widespread as it should be, especially by non-European companies but even by European companies. (I suspect that’s part of the reason lobbyists haven’t forced in more loopholes through legislative amendment; the EU and member-state politicians and regulators can look stronger on privacy than they are without actually severely impacting the corporate surveillance and advertising regimes.)


I doubt it would be. Housing any form of data subject to GDPR or NIS2 on Figma is already against the EU directives. So any data you house on Figma isn't going to be sensitive in terms of privacy. So the title is a little misleading in that it's not personal privacy data, but whatever work you've used Figma for. Which wouldn't be protected by EU directives as such, because if it was, you would be the one breaking the law.



