Comment by rcarmo

1 day ago

As a European, this is weird. Just 5 years? Why were they allowed to do this in the first place?

Collecting and selling the data is legal if they give you the chance to opt out. They went out of their way to avoid giving you that chance, and that’s what they got in trouble for. So the five-year ban is a penalty for breaking the actual law, which is just that the consumer should have a chance to say no.

Yes, I don't understand the "5 Years" part at all.

Either it's illegal or it isn't.

No judge ever says "I ban you from burgling houses for 5 years!", like after 5 years it would be okay again.

  • > Either it's illegal or it isn't.

    I think: it's illegal without consent. They can't do it for 5 years, even if they got consent, as a punitive measure. After that they will have to seek consent.

  • Imagine this:

    A security pentester tests someone's website before getting approval/confirmation that this is what the client (who isn't a client yet) wants.

    Someone reports that, and the judge says "Since you didn't do the pentest the legal way, we're banning you from doing pentests for five years."

    After those five years, the pentester can continue doing tests, but legally. The five-year ban is not the punishment for doing pentests, but for doing unauthorized pentests.

    The analogy here is that data collection/selling is legal, but you have to follow the rules regarding how collection happens. If you break those rules, they'll ban you for N years, after that you can do the collection/selling but following the rules.