throwmeaway820 | 26 days ago

> A flat minimum, say 5,000€ per violation, no matter how small the company

It's hard to imagine a practice more hostile to starting and operating a business than such a policy

petcat|26 days ago

California has the exact same penalty structure in the CCPA:

> (b) A business shall be in violation of this title if it fails to cure any alleged violation within 30 days after being notified of alleged noncompliance. Any business, service provider, or other person that violates this title shall be subject to an injunction and liable for a civil penalty of not more than two thousand five hundred dollars ($2,500) for each violation or seven thousand five hundred dollars ($7,500) for each intentional violation, which shall be assessed and recovered in a civil action brought in the name of the people of the State of California by the Attorney General. The civil penalties provided for in this section shall be exclusively assessed and recovered in a civil action brought in the name of the people of the State of California by the Attorney General.

$7,500 per intentional violation, $2,500 per unintentional.

[1] https://leginfo.legislature.ca.gov/faces/billTextClient.xhtm...

patja|26 days ago

But the California law only applies if your business has more than $25m revenue or does a lot of selling of PII. See SEC. 9. Section 1798.140 in the page linked.

goshcoding|26 days ago

How is a fine for mishandling personal information "hostile" to business?

A true Hacker News and YCombinator moment.

nilslindemann|26 days ago

Yes, especially as the company could just implement a button "Delete your data" on their website. An automated task initiated by the user. No work for them.

Companies could also make clear before any registration, on one page, which data they will ask for and later collect. If they were honest. Then the user would have a chance to opt out _before_ they have given any data to them.

Well, they are not honest, because what do they do instead? Page 1: "Please, your E-Mail". Page 2: "We also need your phone number (we may call you)". Page 3: "Great, nearly done. Now please, your address, your credit card, a fingerprint copy and a picture of your penis".

I am in favor of appending a zero to those 5.000 Euros.

testing22321|26 days ago

It gets in the way of ever increasing profit. The most important thing ever.

michaelsshaw|26 days ago

Not allowing reckless disregard for the rights of people = literally fascism.

Apreche|26 days ago

If compliance is so difficult for a business that they will fail if the law is enforced, good.

mattjhall|26 days ago

If you open a business you should be responsible enough to comply with the laws. A business that became large enough where this would become a time sink would be able to afford to hire someone.

jbverschoor|26 days ago

And why not make the fines 0.1% - 1% of a venture's revenue? Because that's what you're talking about.

WheatMillington|26 days ago

All you have to do is respect the law and respect your customers. Absolutely the most basic thing we can ask of a new business.

7bit|26 days ago

The issue lies somewhere in between.

I agree that businesses who unlawfully sell your data or do not implement a minimum of security measures should be punished hard.

I also agree that a flat 5000 € is problematic. Not because I believe that breaking the law shouldn't be punished. It's because you also get punished if you protect the data and respect your customers, but you don't document the thousand things you must document as a small business.

I don't know if you ever looked at GDPR, but that does not distinguish between a company with five employees and 50,000 employees.

The company with 5 employees must exactly (!!!) implement the same audit trail and processes that the 50,000 employee company has to do. Or worse, there's literally no difference between you founding a company and Facebook.

This shit gets extremely overwhelming extremely fast and that's just killing small businesses.

y42|26 days ago

Can you explain why? I mean, a company ignoring common and simple rules of law... why do you want to "protect" that?

raverbashing|26 days ago

You really think mom & pop businesses that have limited IT skills have 5k lying around for some minor violation like not deleting an older email?

matkoniecz|26 days ago

"simple rules of law..." - sadly, EU regulations in their totality are far from simple

ivan_gammel|26 days ago

Privacy by design is easy. If you are incapable of dealing with GDPR, don’t start a company, because you lack survival skills anyway.