Comment by ziddoap
10 days ago
Have their been any GDPR fines that amount to more than a rounding error of Oracle's revenue? Admittedly, I don't watch too closely, but from the ones I am aware of, I haven't seen any GDPR fines that made me finally think "wow, that might actually count as a punishment". (I would honestly be happy to learn of some!)
There are disclosure laws in the US as well, but again, the fines are like a days worth of revenue. Maybe the breached company has to provide a year of credit monitoring for the affected persons, if lucky.
Several of the fines have been in the hundreds of millions of dollars - and while not crushing to Oracle, that's actual money that will definitely change behavior.. https://www.enforcementtracker.com/
Many of these are against public bodies... Hundreds of pages with lawyers back and forth for in the end money going from one part of the government to another...
Nice, thanks for the link!
The largest fine ever issued is about 2% of Oracle's 2024 revenue. If we average the top 5 fines ever issued (this breach surely wont result in the largest GDPR fine ever), it'd be about 1% of Oracle's 2024 revenue. So, between ~3.5 and ~7 days worth of revenue, if we're lucky and get a top 5 GDPR fine?
I'm not sure that is in the "definitely change behavior" area yet (in fact, I'm confident it is not), but better than I thought.
7 days of revenue, 1 whole week out of 52 that all of your workforce production went to pay a fine? Yeah, that's quite noticeable for a corporation.
4 replies →
If that were true companies wouldn't get fined over and over again year after year.
In the UK, and I presume the EU also, the fines for losing customer data are set as a % of company annual worldwide turnover.
https://ico.org.uk/for-organisations/law-enforcement/guide-t...
> the fines
They're not fines though if no money changes hands.
So far very few if any of these supposed penalties have actually been paid.
There have been a few good articles published about the total Euro amount of "penalties" and actual enforcement actions, and the ratio is something like 100:1 or worse.
According to the GDPR enforcement tracker link helpfully provided by the sibling commenter, we'll be lucky to see a ~1% fine of the 2024 revenue of Oracle. That's assuming that the fine issued is in the top 5 GDPR fines ever issued. Even 4%, the cited higher maximum on your link, is kind of peanuts (not sure this breach would even qualify for the "higher maximum", as I'm unfamiliar with the laws, so it could be a maximum of 2% if counted as a "standard maximum").
To me, that's still in the "cost of doing business" territory, not the "punishment" territory.
4% of revenue is terrifying for large corporations.
2 replies →
If a fine isn't an existential threat what's the point of it? Hoping next time they'll care more? tf?
the EU needs to tack another 0 to these percentages if they want to see movement.
If the fines were existential threats, who would even want to do business in these countries?
> Have their been any GDPR fines that amount to more than a rounding error of Oracle's revenue?
Not yet, hopefully soon: under some circumstances GDPR fines can go up to 6% of gross earning (ebitda) iirc.