From time to time, important news gets overshadowed by other headlines, even though it could have a profound impact on our (online) world. To most of us, few things are more bothersome than the dreaded cookie banners. On countless websites, you’re confronted with a pesky pop-up urging you to agree to something. You end up consenting without really knowing what it is. If you try to figure out what’s going on, you quickly get lost among the often hundreds of “partners” who want access to your personal data. Even if you do give your consent, it’s questionable whether you truly understand what you’re agreeing to.

  • gian
    293 days ago

    Simple:

    1. make “no” the default answer when asking
    2. massive fine, in the order of 50% of total revenue, the first time you get caught, to be paid before the eventual appeal, which if lost raises the fine by 50%. If not paid in 90 days, the CEO goes to jail until it is paid. From now on for 2 years the company must show that it follows the law.
    3. mandatory jail time for the CEO the second time you get caught with no option for parole or any other alternative sentence like a fine or whatever.

    Or any other solution where the eventual punishment cannot be considered just business cost.

    I know, almost impossible… :-(

    • @hddsx@lemmy.ca
      43 days ago
      1. Please. Need this. Thanks
      2. Would this work in any court of law?
      3. I’ve learned recently while the CEO has a lot of control, they are not ultimately in control. The executive board is. Everyone on the board should be jailed and barred from starting a business for 25 years or the length of the sentence, whichever is greater
      • gian
        12 days ago
        1. Yes, a law can define whatever fine you want and timeframe to pay.
        2. Fine, not the CEO but the executive board members, it does not matter. The point is that whoever has the control and the benefit should also carry the risk. You get big bucks from the company? Fine, if your company does something illegal you pay the price.
    • @Attacker94@lemmy.world
      -3
      2 days ago

      I agree with the sentiment, but that harsh of an enforcement method is overkill, the penalty should be a fine, not jail time, because otherwise it could be abused to an insane extent, and 50% will immediately bankrupt pretty much any company immediately, most well structured businesses could probably sustain fines on the order of 40%, I do like your inclusion of percentage based penalties, but realistically with 2-5% fines, any CEO will be removed from their company after the first or second offense, and the company will bankrupt if they sustain more than a couple fines in a year.

      Edit: after doing the math on some actual companies, I believe 2-5% is too low, realistically 5% is the lowest that would actually change business dealings, and 25% will make a company just barely dip into the red. For this reason I think 5-15% should be the goal post.

      • @themurphy@lemmy.ml
        9
        3 days ago

        Then maybe don’t do anything illegal???

        You have to actively track someone, it doesn’t just “happen”.

        • paraphrand
          53 days ago

          “Oops, we are tracking children” is something that has happened many times in recent years, IIRC. Probably still intentional.

        • @hddsx@lemmy.ca
          23 days ago

          IIRC there were hospitals in the US that violated HIPAA by accident because they used the Meta Pixel to aggregate useful information on their website, but which was also sending more information than they knew to Meta. So, it does “just happen”.

          Meta is doing it knowingly though so….

          • @themurphy@lemmy.ml
            12 days ago

            If these laws came into place, you would ofc create a grace period, resulting in looser punishments.

            It will give corps a window to really check wtf they are doing, and take it seriously.

          • @Szyler@lemmy.world
            12 days ago

            And a few fines to popular websites and news reports about it and people will start to learn what the law is and don’t implement Meta haphazardly. “Just happen” will quickly turn to “rarely happens” once it becomes enforced.

        • @Attacker94@lemmy.world
          13 days ago

          I know the human tendency is to think in extremes, but I would prefer to have a system that is as balanced as possible, or at least one that affords adequate protections to all parties involved.

          The issue I have with the “just don’t do anything illegal” argument is that depending on how the illegality is defined, it can be used as a tool for bad actors. Take for instance something like the aforementioned 50% penalty with mandatory jail time for repeat offenders, if I decided that Jim’s furniture store shouldn’t exist anymore, I would only need to find some tiny thing wrong with their data handling, like for instance, assuming this specific hole exists, that they asked for contact info before it’s needed for purchase verification. Now they may lose on this minor infraction, and pretty much any small business will die a horrible death without half their revenue. Meanwhile the mega corps will likely find some workaround due to their high priced lawyers, but even assuming we make a rock solid definition, they still just cycle the CEO immediately, because no one will want to be an active CEO when they are one court case from jail.

          • gian
            12 days ago

            > The issue I have with the “just don’t do anything illegal” argument is that depending on how the illegality is defined, it can be used as a tool for bad actors. Take for instance something like the aforementioned 50% penalty with mandatory jail time for repeat offenders, if I decided that Jim’s furniture store shouldn’t exist anymore, I would only need to find some tiny thing wrong with their data handling, like for instance, assuming this specific hole exists, that they asked for contact info before it’s needed for purchase verification. Now they may lose on this minor infraction, and pretty much any small business will die a horrible death without half their revenue.

            Got your point, unluckily every law can be abused if not based on hard evidence (and even in this case it is not bulletproof). And of course it is not automatic so a due process is obviously necessary where you need to prove that Jim is in the wrong.
            But we already have similar laws here and they seem to work pretty well.

            > Meanwhile the mega corps will likely find some workaround due to their high priced lawyers, but even assuming we make a rock solid definition, they still just cycle the CEO immediately,

            For the mega corps the real threat is the fine, the mandatory jail time for the CEO (or the board members or whoever is in real control) is only a way to have the people who need to control to make their work. A company, big as you want, is not some abstract entity where things were done by some abstract figure. In the end there is always someone who approves everything and the CEO (or the board) is ultimately responsible.

            Just imagine how much control the shareholders would make on Zuckerberg if they know they are one lost court case from losing half their money.

            And no, rotating the CEO is useless, criminal charges are personal so if you as CEO make something illegal and then quit, your charges do not transfer to the new CEO.

            > because no one will want to be an active CEO when they are one court case from jail.

            Then he will check what the company does. He wants the big bucks, it is right he also has the accountability.

      • gian
        12 days ago

        Which is the whole point of the enormous fine and jail time.
        If the penalty could be treated as a simple “cost of doing business” there is no incentive to stay in the right because if you ever got caught it is not that big a problem.

        And I don’t see a problem if a company doing illegal things to survive will bankrupt once they get caught while doing it.

        > but realistically with 2-5% fines, any CEO will be removed from their company after the first or second offense, and the company will bankrupt if they sustain more than a couple fines in a year.

        I don’t think so. It’s not that the massive fines committed to Apple and Google make them change the CEO.

        • @Attacker94@lemmy.world
          12 days ago

          I will preface this comment with a change in my opinion when it comes to semantics, I think my 2-5% range is too low after researching a bit more, I would be much more in favor of 5-15%, but the remainder of my point stays the same.

          > I don’t think so. It’s not that the massive fines committed to Apple and Google make them change the CEO.

          Which fines are you referring to, in my opinion the biggest problem that we currently have is that there are realistically no penalties for breaking the law.

          Just doing a quick Google search, Apple made about 400b in revenue last year, and Apple just had a 2b fine from an antitrust lawsuit. Applying the 5% fine, that 2b would become 20b which equates to 20% of their annual earnings for that year.

          If we applied the 50% penalty that started this thread, that becomes a fine of 200b which means, using the Apple example, that the company loses 100b when they get down to their earnings. This is the reason why I feel like 50% is too much, if one privacy court case in one country is enough to bankrupt a company, no company would ever attempt to provide a service that is remotely adjacent to that law: in my mind, some of the services that would cease to exist would include search engines, payment processors, and email newsletters.

          All in all, I think that the penalty should be a fine, because realistically this is a civil matter, and I am not a big proponent of jail time without a criminal conviction. I do agree that the fixed amount fines are too damaging to smaller firms and a slap on the wrist for large ones, so after looking at the numbers for Apple and Google 5% equates to a noticeable hit to the company’s bottom line, and 15% is a little bit short of making the company entirely unprofitable; this means that the fines range from hurting or stunting the growth of a company for one privacy related issue in whatever country is enforcing this law. This also means that on the high end bankruptcy will loom over any company that has 2-3 privacy issues in any given year.

          Addendum: if you were wondering, about the numbers for 15%, the earnings in 2024 for Apple would be 35b or a 37% decrease, and for Google it is 47.5b or a 48% decrease.

          • gian
            21 day ago

            > I will preface this comment with a change in my opinion when it comes to semantics, I think my 2-5% range is too low after researching a bit more, I would be much more in favor of 5-15%, but the remainder of my point stays the same.

            > I don’t think so. It’s not that the massive fines committed to Apple and Google make them change the CEO.

            > Which fines are you referring to, in my opinion the biggest problem that we currently have is that there are realistically no penalties for breaking the law.

            The ones for GDPR violations.

            > Just doing a quick Google search, Apple made about 400b in revenue last year, and Apple just had a 2b fine from an antitrust lawsuit. Applying the 5% fine, that 2b would become 20b which equates to 20% of their annual earnings for that year.

            > If we applied the 50% penalty that started this thread, that becomes a fine of 200b which means, using the Apple example, that the company loses 100b when they get down to their earnings.

            Which is the whole point. If the fine is too low to be threatening, it could be written off as just “cost of business” there is no incentive to stay on the right side of the law.
            In your example the only thing that would happen is that Apple would pay less dividend to the shareholders which, while I admit is something that could be a problem for them, in my opinion is not enough, considering the number of people affected.

            I could care less if Apple, after a due process, goes bankrupt because it breaks the law: if your only way to stay afloat is breaking the law, then you can fail, be you Apple or Jim’s little furniture shop. And that because while you break the law and survive you are fucking all your clients and all the other companies that follow the law.

            Obviously the law must be simple enough to follow so that for Jim’s furniture shop it is not a problem nor a too high cost to respect it, but it must be clear that if you break it you can cease to exist as a company.

            > This is the reason why I feel like 50% is too much, if one privacy court case in one country is enough to bankrupt a company, no company would ever attempt to provide a service that is remotely adjacent to that law: in my mind, some of the services that would cease to exist would include search engines, payment processors, and email newsletters.

            No, the companies will simply follow the rules of the country they operated in.
            Even now the payment processors are subjected to regulations that if applied to Apple, Google or Facebook would make them close their business, for example.

            > All in all, I think that the penalty should be a fine, because realistically this is a civil matter, and I am not a big proponent of jail time without a criminal conviction.

            I do not want jail time for the CEO by default but he needs to know that he will pay personally if the company breaks the law, it is the only way to make him run the company being sure that it follows the laws.

            And that because in the end the CEO is the ultimate decision maker in the company and I don’t really think that he must be able to hide behind the “I don’t know” facade. I don’t believe the situation where something being a big liability for the company is not approved by him.
            (I used the CEO, but it could be the board members or any other entity that runs the company).

            > This also means that on the high end bankruptcy will loom over any company that has 2-3 privacy issues in any given year.

            The question then is: why a company should have 2-3 privacy issues a year? I can get the first one, but the second? Or the third?
            I mean, you get caught one time, why you as a company think that you can continue that way?
            And I am not speaking about a perfect nobody that cites Apple for privacy violation and the judge automatically applies the fine, a due process is required, but big violations of laws like the GDPR or equivalent. And even if it is the perfect nobody, why after the first time you got caught you do not change your way? Why a company that breaks the law should be able to continue to break the law just because if it is even caught it is the next fiscal year if not later (at the end of the process and various appeals)? More specifically, why a company that cannot survive without breaking the law should be able to continue to operate?

            > Addendum: if you were wondering, about the numbers for 15%, the earnings in 2024 for Apple would be 35b or a 37% decrease, and for Google it is 47.5b or a 48% decrease.

            Which is a good start but nothing that cannot be considered when doing a budget, so no real danger here.

            • @Attacker94@lemmy.world
              11 day ago

              > Which is the whole point. If the fine is too low to be threatening, it could be written off as just “cost of business” there is no incentive to stay on the right side of the law. In your example the only thing that would happen is that Apple would pay less dividend to the shareholders which, while I admit is something that could be a problem for them, in my opinion is not enough, considering the number of people affected.

              I see what you mean, but earnings affect more than dividends, they also affect a company’s growth. More than likely with the 20-50% reduction in earnings -that comes from the 5-15% range- the company would either make shareholders eat the cost, which is unlikely, or the shareholders will keep their returns and the company will sacrifice any meaningful growth. It seems to me that this is a big enough incentive to not breach people’s privacy as it no longer is a cost of doing business unless your vision of a well run business is one that doesn’t ever do any expansion.

              > Obviously the law must be simple enough to follow so that for Jim’s furniture shop it is not a problem nor a too high cost to respect it, but it must be clear that if you break it you can cease to exist as a company.

              I think this may be the root of our disagreement, I do not believe that there is any law making body today that is capable of an elegantly simple law.

              We also definitely have a difference of opinion when it comes to the severity of the infraction, in my mind, while privacy is important, it should not have the same level of punishments associated with it when compared to something on the level of poisoning waterways; I think that a privacy law should hurt but be able to be learned from while in the poison case it should result in the bankruptcy of a company. I hold this opinion since, while it doesn’t really apply to large corporations, at the end of the day if a business goes bankrupt, the owners lose their investment and the workers lose their jobs. Now obviously the workers would be able to adapt, but for the owners, their livelihood is destroyed over something that by itself would not destroy the livelihood of anyone else. The issue we find ourselves with today is that the aggregate of all privacy breaches makes it harmful to the people, but with a sizeable enough fine, I find it hard to believe that there would be major or lasting damage. For this reason I don’t think it is wise to write laws that will bankrupt a company off of one infraction which was not directly or indirectly harmful to the physical well being of the people: and I am using indirectly a little bit more strict than I would like to since as I said before, the aggregate of all the information is harmful.

              > No, the companies will simply follow the rules of the country they operated in.

              I think you put too much faith in people understanding what’s right and wrong prior to being told off, I understand the sentiment of making laws that would only allow good people to benefit from them, but I think there aren’t enough good people in business for the economy to stay out of a recession, which I think would cascade really fast into said law being repealed.

              > Even now the payment processors are subjected to regulations that if applied to Apple, Google or Facebook would make them close their business, for example.

              I would have to look into the laws in question, but on a surface level I think that any company should be subjected to the same baseline privacy laws, so if there isn’t anything screwy within the law that Apple, Google, and Facebook are ignoring, I think it should apply to them.

              > I do not want jail time for the CEO by default but he needs to know that he will pay personally if the company breaks the law, it is the only way to make him run the company being sure that it follows the laws.

              For some reason I don’t have my usual cynicism when it comes to this issue. I think that the magnitude of losses that vested interests have in these companies would make it so that companies would police themselves for fear of losing profits. That being said I wouldn’t be opposed to some form of personal accountability on corporate leadership, but I fear that they will just end up finding a way to create a scapegoat every time.

              > The question then is: why a company should have 2-3 privacy issues a year? I can get the first one, but the second? Or the third?

              In general I like laws that are as objective as possible, I think that a privacy law should be written so that it is very objectively overbearing, but that has a smaller fine associated with it. This way the law is very clear on right and wrong, while also giving the businesses time and incentive to change their practices without having to sink large amount of expenses into lawyers to review every minute detail, which is the logical conclusion of the one infraction bankrupt system that you seem to be supporting.

              > Why a company that breaks the law should be able to continue to break the law just because if it is even caught it is the next fiscal year if not later (at the end of the process and various appeals)?

              I guess I am assuming that the law we are talking about would be written by infraction, which means that if a company broke multiple sections of the law, they would go under after either 2-3 individual cases for the different sections, or from one large lawsuit that included them all. In this way there is a difference in penalty depending on how much the company continues to break the law.

              > Which is a good start but nothing that cannot be considered when doing a budget, so no real danger here.

              I have to disagree since if they lose two court cases they essentially just break even, no amount of budgeting other than pursuing a 200% markup will solve this issue.

              Something that occurred to me during this reply chain is that there is no reason not to write the law in such a way that starts it low say 10% and make it so that it is revised every year or so in increments of ± 5%, eventually we will hit the percentage that actually works without disrupting the economy. I would also stipulate that it can’t drop below 5%. Although this would have to be included as an annual budget thing which has its own problems, but I think this would be the best halfway point between our ideas at least when it comes to the percentages.