Comment by everfrustrated

11 days ago

In the UK, and I presume the EU also, the fines for losing customer data are set as a % of company annual worldwide turnover.

https://ico.org.uk/for-organisations/law-enforcement/guide-t...

> the fines

They're not fines though if no money changes hands.

So far very few if any of these supposed penalties have actually been paid.

There have been a few good articles published about the total Euro amount of "penalties" and actual enforcement actions, and the ratio is something like 100:1 or worse.

According to the GDPR enforcement tracker link helpfully provided by the sibling commenter, we'll be lucky to see a ~1% fine of the 2024 revenue of Oracle. That's assuming that the fine issued is in the top 5 GDPR fines ever issued. Even 4%, the cited higher maximum on your link, is kind of peanuts (not sure this breach would even qualify for the "higher maximum", as I'm unfamiliar with the laws, so it could be a maximum of 2% if counted as a "standard maximum").

To me, that's still in the "cost of doing business" territory, not the "punishment" territory.

  • 4% of revenue is terrifying for large corporations.

    • Have they ever issued a fine for 4% of revenue? That's the maximum fine possible, under the non-standard "higher maximum" category. This breach surely won't be given the maximum considering there isn't really anything noteworthy about it.

      We should consider the maximum that has actually been issued, then subtract some off of that. You also have to subtract out all of the money they saved over the years of reduced investment into security.

      I think that lands us squarely back into "cost of doing business" land.

    • It's impossible to take their fears seriously—literally any kind of social obligation is going to be scary for an entity with no desire to do anything but feed its owners.

      Wait until you see what kind of reaction 40% gets! Existential threats will be the only things that work.

If a fine isn't an existential threat what's the point of it? Hoping next time they'll care more? tf?

The EU needs to tack another 0 to these percentages if they want to see movement.

  • If the fines were existential threats, who would even want to do business in these countries?