The EDPB issued an urgent binding decision that essentially bans Meta from using personal data for behavioral advertising in the entire European Economic Area (EEA).

  • Kissaki@feddit.de
    link
    fedilink
    English
    arrow-up
    8
    ·
    11 months ago

    GDPR:

    These types of infringements could result in a fine of up to €20 million, or 4% of the firm’s worldwide annual revenue from the preceding financial year, whichever amount is higher.

    4% can be a lot in absolute numbers for these massive corporations. But it’s such a low percentage that it could indeed be included in operational cost and then be ignored.

    • Armok_the_bunny@lemmy.world
      link
      fedilink
      English
      arrow-up
      5
      ·
      11 months ago

      It helps a lot that that’s revenue and not profit, so it ignores other expenses. Of course, I don’t know how much that matters, but it is still enough to hurt.

      • SHITPOSTING_ACCOUNT@feddit.de
        link
        fedilink
        English
        arrow-up
        2
        ·
        11 months ago

        I’d say that’s a huge problem actually.

        For a normal company, abusing data is a small part of their business and profit is a few percent of revenue, so such a fine would be devastating.

        For some tech companies, profit is in the double digit percent of revenue and half of it comes from breaking the law, so the 4% are a tax they can happily pay and still be more profitable than if they followed the law.

        • elvith@feddit.de
          link
          fedilink
          English
          arrow-up
          2
          ·
          11 months ago

          Depends. It’s up to 4% of the yearly revenue per court ruling. And not necessarily once per year. If you were to continue to ignore these rulings and continue abusing the data, that can rack up fast. Pay once - that may or may not be a problem. Pay monthly - there goes up to 48% of your yearly revenue.

          • SHITPOSTING_ACCOUNT@feddit.de
            link
            fedilink
            English
            arrow-up
            2
            ·
            11 months ago

            It’d be great if that was how it works, unfortunately it seems like the penalties are closer to once every 3-5 years than monthly, skewing the balance even further to “screw the law, just pay the fee”:(

            • elvith@feddit.de
              link
              fedilink
              English
              arrow-up
              1
              ·
              11 months ago

              They won’t hand out fines every few weeks easily. And usually you cannot get fined twice for the same thing. BUT it was a (albeit able bit exaggerated) projection what could happen, if you constantly ignore the court orders and continue breaking the law. At first, you might get some time to change your processes, get compliant, … but when it won’t stop, you get fined again. And it won’t be lenient the further you stress it. Also that’s just the fine for the GDPR violation itself. Ignoring court orders, violating the law continuously,… will get you other fines - assuming you don’t change you behavior.

              It will take a while to get there, sure and I think Meta will try to continue processing this data as mich as they can, but the EU doesn’t look like they’re joking too much.

    • Poggervania@kbin.social
      link
      fedilink
      arrow-up
      2
      arrow-down
      1
      ·
      11 months ago

      Oh man that sounds juicy 🤤

      Only change I’d argue for is to go off market cap instead of annual worldwide revenue though because you can say some insanely small amount on paper like 4%, but then that same 4% turns from ~$5B USD with annual revenue to ~$33B USD with market cap. But because we’d also want to actually deter businesses from breaking it and considering it a cost of business, I would think something like a fine of 110% of market cap value would be a huge deterrence.