Comment by disgruntledphd2
3 days ago
OK, from 2018 so they were even more under-resourced (if that's possible).
Additionally, the Irish DPC got involved from other data authorities, which may have caused delays.
That being said, they were dead wrong not to take on that case, as it was clear violation of GDPR. I actually worked for Meta/Facebook at this point and got drunk and bitched about this exact screen with one of their privacy lawyers. It was total non-compliance and should have been punished much harder.
Note also that the Hamburg DPA is crazy, they kept pushing compliants that were never supported by anyone else. I'm a little annoyed at noyb for not putting their complaints to the appropriate authority, but they appear to have learned better in the intervening years.
> https://archive.ph/20230123014444/https://www.irishtimes.com...
This on the other hand, is a work of opinion by a Berlin correspondent for a pretty poor newspaper. There probably is a bunch of pressure/lobbying on the DPC to avoid massive, massive fines which shouldn't happen but does everywhere.
The conceptual difference here is important. The goal should be to preserve privacy, not fine arbitrary large amounts of money. Like, sometimes you do need to fine people but personally I'd prefer auditing requirements for Meta/Google et al rather than fines.
I'm gonna need to think about this, tbh. I do have a certain amount of sympathy for the Irish DPC given the resourcing constraints and the size of their opponents. I'm not sure where the right balance is, tbh.
> The conceptual difference here is important. The goal should be to preserve privacy, not fine arbitrary large amounts of money. Like, sometimes you do need to fine people but personally I'd prefer auditing requirements for Meta/Google et al rather than fines.
I'm operating under the assumption that most tech giants (and in particular Meta) are doing everything in their power to keep violating people's privacy as long as they can get away with it.
Since it's impossible to audit everything such a huge corporation is doing and since cases can take a very long time to resolve (after which the damage is often already done), the huge fines are for scaring companies into submission. I am perfectly fine with that, no actually: I wish the fines were so big that they were actually threatening the business's survival.
> I'm not sure where the right balance is, tbh.
I'm probably the wrong person to ask because I think that Facebook simply shouldn't exist.
> I'm operating under the assumption that most tech giants (and in particular Meta) are doing everything in their power to keep violating people's privacy as long as they can get away with it.
This is a bad take. They want to make money and make the stock price go up (at the exec level) but lots of people there want to make good products (even in ads). Encouraging them to find less privacy invasive ways of doing this is probably a better approach.
> Since it's impossible to audit everything such a huge corporation is doing and since cases can take a very long time to resolve (after which the damage is often already done), the huge fines are for scaring companies into submission. I am perfectly fine with that, no actually: I wish the fines were so big that they were actually threatening the business's survival.
But it doesn't work. We've had GDPR for 7 years now, and while it's definitely made some things a lot better, I don't see much decrease in privacy invasion from the Big 2 (Google and Facebook). Depressingly, the biggest impact on privacy has been from Apple's anti-competitive ATT moves.
> I'm probably the wrong person to ask because I think that Facebook simply shouldn't exist.
Yeah, this is a wild take. Do you feel the same about Google who do basically all of the same stuff?