this post was submitted on 05 Nov 2023
376 points (99.7% liked)
Europe
8485 readers
1 users here now
News/Interesting Stories/Beautiful Pictures from Europe 🇪🇺
(Current banner: Thunder mountain, Germany, 🇩🇪 ) Feel free to post submissions for banner pictures
Rules
(This list is obviously incomplete, but it will get expanded when necessary)
- Be nice to each other (e.g. No direct insults against each other);
- No racism, antisemitism, dehumanisation of minorities or glorification of National Socialism allowed;
- No posts linking to mis-information funded by foreign states or billionaires.
Also check out [email protected]
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Considering how comically low these fines are, we all know the answer to that one.
Actually, gdpr violation fines are ridiculously high, so at least there's hope that they'll consider complying.
So they should be. Not respecting user privacy should be incredibly costly!
One day I hope a regulator just gets to do day fine minimums.
"The fine for violation is €x OR 120 days of gross profits, whichever is larger."
Fuck gross profits.
Just gross. All income. Make it actually hurt.
That is how the GDPR works.
I was at a company where something shitty we did was eventually fined seven figures by federal regulators, and the CEO laughed because we made that in a month of doing it.
Here’s how it works:
You commit the shitty act for as long as you can, until the regulators finally catch on and/or have enough of the violation(s).
You hire a specialty lawyer who was a senior attorney or management at the regulator before shifting to private practice. That lawyer negotiates with his former co-workers/employees for six to nine months, then comes back with your deal.
Your fine in the deal looks like a big number in a regulator press release, but is usually <25% of the profits you’ve made off the shitty act.
If you’ve been particularly bad and you’re considered to be dicks, your deal might include a consent decree that attaches to the company and sometimes the execs personally. This is often just an annoyance for big companies, but can be bad for smaller companies whose execs really don’t want to be personally named, so you’ll sometimes see companies negotiate for a higher fine in exchange for removing execs’ personal names from the decree.
You pay the fine, sometimes in installments, and do the lightest possible rework of your business practices to bring you into compliance, and drive on. If you’re under a consent decree, you’re a bit more disciplined about reforming your practices. Otherwise, you look forward to the day when the consent decree ends, and you can backslide into the bad behavior again.
It's not the Irish data "protection" agency which views their task to be as lax as possible to attract companies and has to get sued to even act and fine companies violating the rules