Comment by ziddoap
11 days ago
According to the GDPR enforcement tracker link helpfully provided by the sibling commenter, we'll be lucky to see a ~1% fine of the 2024 revenue of Oracle. That's assuming that the fine issued is in the top 5 GDPR fines ever issued. Even 4%, the cited higher maximum on your link, is kind of peanuts (not sure this breach would even qualify for the "higher maximum", as I'm unfamiliar with the laws, so it could be a maximum of 2% if counted as a "standard maximum").
To me, that's still in the "cost of doing business" territory, not the "punishment" territory.
4% of revenue is terrifying for large corporations.
Have they ever issued a fine for 4% of revenue? That's the maximum fine possible, under the non-standard "higher maximum" category. This breach surely won't be given the maximum considering there isn't really anything noteworthy about it.
We should consider the maximum that has actually been issued, then subtract some off of that. You also have to subtract out all of the money they saved over the years of reduced investment into security.
I think that lands us squarely back into "cost of doing business" land.
It's impossible to take their fears seriously—literally any kind of social obligation is going to be scary for an entity with no desire to do anything but feed its owners.
Wait until you see what kind of reaction 40% gets! Existential threats will be the only things that work.