Article 8 point 2. They're missing the provisions of data retrieval. If available, that would immediately take down the whole monitoring system as a full message history request would have to be available since they don't know which data is private or personally identifying.
Additionally, this falls under GDPR legitimate concern category so must be possible to reject by the user. Otherwise it's an involuntary measure making the law contradictory.
Specifically, the charter: https://eur-lex.europa.eu/eli/treaty/char_2012/oj/eng
Article 8 point 2. They're missing the provisions of data retrieval. If available, that would immediately take down the whole monitoring system as a full message history request would have to be available since they don't know which data is private or personally identifying.
Additionally, this falls under GDPR legitimate concern category so must be possible to reject by the user. Otherwise it's an involuntary measure making the law contradictory.
With this in mind, it's toothless if corrected.