The article says that what gets shared with the app is a picture of the man, and it's not just "those who sexually assaulted them or stalked them" but anyone they want feedback about.

I assume the app then runs facial recognition.

This may be legal in the US, but not under GDPR. Pictures of faces are biometric data (explicitly listed as such), which falls under additional restrictions beyond personally identifiable information.

A drivers license with the picture blacked out would be less sensitive than the picture itself!

▲

9dev 5 days ago | parent [-]

> This may be legal in the US, but not under GDPR.

This whole story is an amazing example of why the GDPR is correct about this, IMHO.

	▲	tgsovlerkhgsel 5 days ago \| parent [-]
		There are soo many examples from the US showing why GDPR is a good thing: Clearview AI (biometric mass surveillance, essentially "search the internet by face"), car manufacturers collecting and selling location data, phone companies collecting and selling location data, ISPs collecting and selling browsing behavior, companies running mass surveillance on license plates and selling the data to law enforcement and really anyone who pays, some DNA sequencing related abuses that I don't remember the details of, all the data collected by the ad "ecosystem" (note that this still happens in GDPR-land because enforcement is lacking), this, ...