What is sad is that the EU commission doesn't take real action against Google. At best we are to expect a slap in the hand, at worst, the investigations will drag on and nothing will happen.
Google has been fined a 5 billion dollar fine already last year, that claim simply isn't true. But I agree with the implicit demand, they clearly haven't gotten the message. The EU should slap them with billion dollar fines again until they learn their lesson.
Sadly mid-level employees would probably be the ones going to jail. The tech lead and/or PM sign off on compliance. I used to joke that one of my responsibilities was to put my freedom at stake.
None of my products violate GDPR in any way I could conceive, but I’d hate to be handed down a mandate to do so. Both not accepting a project and not signing off on it are pretty bold moves.
Even though it's not optimal, maybe that's what it takes? Then top-tier engineers would think twice about working for companies with shady privacy practices and Google would finally have an incentive to better themselves.
Common retort: don’t just downvote me, tell me why I’m wrong. I’m a professional who had signed off on legal documents. Why would the buck not stop at me? That’s the way it works in architecture and other professions.
I _think_ this rule is intended to discourage "Have an upvote" (and similar) comments, commonly seen on Reddit.
Reminding fellow readers/commenters to not just shallowly dismiss comments once in a while doesn't do much harm, and actually lead me to reply to the parent.
Yep. Privacy violations and leaks should be punished with fines and jail time. Period. End of sentence.
Just like execs have to personally sign for and are accountable for their financial statements, they should do the same thing with privacy. GDPR sets a very common leveling of the field so it's completely fair now.
"Privacy violation" is a huge, gigantic category of all kinds of things. One kind of privacy violation is completely different from another; some privacy violations are completely harmless, and some are actually directly harmful, and some in between.
Giving jail time for any of these is like giving jail time for any kind of "offensive behavior". Maybe someone just didn't like what someone said and called it offensive, or maybe someone physically attacked someone else. You don't get jail time just because someone claimed offense, you have to prove harm, and fit the punishment to the crime.
This is why I can't take privacy advocates seriously. Their effort to fight for all privacy undermines the attempt to prevent real harm from specific kinds of information being exposed.
How about systematic, deliberate, deceptive privacy violations in order to increase profits? That seems like a pretty distinct category from the cases you are concerned with.
I'll take your word for it, the evidence doesn't look clear cut to me,
> privacy violations
Again, who cares if it was just your shoe size? We should not send someone to jail for leaking who your favorite pop star is. Did it, or could it, do harm? This is a nearly universal standard used to assess how someone is punished according to the law.
> in order to increase profits
Of course it's to increase profits, you think they're doing it for fun? Did we stop living in a capitalist economy and nobody told me?
The point is simple, though: they cannot do it to increase profits. Doing it for profit makes it more jarring than, say, collecting extraneous personal information through an error.
Your shoe size point is simply a strawman. You've chosen one arbitrary data point in order to make the argument look less important. In any case, I'm of the opinion that neither Google nor the governments of the world should be allowed to do this kind of large scale surveillance and profiling.
And finally,
> We should not send someone to jail for leaking who your favorite pop star is.
I agree with this completely. However if it's not just my favourite pop star, but it also contains all the articles I've read in the last two weeks, and my age, and what I've recently bought... All of these neat little data points about me, neatly filed in a profile made just for me, then the natural question that arises is: Why do you even have this? Who allowed you to start building this profile on me and on thousands of others? The systematicity and scale of it is hard to argue against.
Whoever cares, cares, and it's none of your business. Noone is suggesting that you should not be allowed to allow companies to collect your shoe size and sell that information, so you are mostly just missing the point.
There are people who do not want to allow that, and there is absolutely no reason why we should force them to allow it. Claiming that what you stole is of little value does not make your theft legal. It is simply not up to you to decide what has sufficient value to keep for other people. If you take something that is someone else's property without them transferring property rights to you first, that is theft, and it is completely irrelevant whether you think that they shouldn't value what you took.
> Did we stop living in a capitalist economy and nobody told me?
If anything, you seem to have a very confused understanding of capitalism. The one core idea of capitalism is strong individual property rights, because that is the basis for decentralized price discovery. Capitalism could not possibly work if the state simply declared that property rights for low-valued goods (based on a valuation decided by the state, presumably) a not enforceable, or if you could simply steal and use your competitor's machinery to produce goods as long as you didn't harm them (like, returned them repaired before their next production run, maybe?).
The fact that someone could make money by violating your property rights certainly never was a justification that allowed them to avoid punishment in a capitalist system.
> Again, who cares if it was just your shoe size? We should not send someone to jail for leaking who your favorite pop star is. Did it, or could it, do harm?
All personal information makes fraud and blackmail easier. Even the seemingly mundane.
I won’t go into details because the relevant law already exists.
This brings me to my second point:
> Of course it's to increase profits, you think they're doing it for fun? Did we stop living in a capitalist economy and nobody told me?
Even in a capitalist society, doing illegal things for money is generally considered worse than doing illegal things without the expectation of getting paid.
> "Privacy violation" is a huge, gigantic category of all kinds of things.
This discussion is about intentional, systematic, large-scale violations of privacy by large corpotations. You pointing out (essentially) that sometimes your one neighbour tells your other neighbour how they heard this rumour about you is simply an attempt to derail the conversation, not a relevant argument.
> You don't get jail time just because someone claimed offense, you have to prove harm, and fit the punishment to the crime.
That's just nonsense. Talking away people's stuff without their consent is a crime. Noone has to prove any harm for you to be punished for theft. If the theft also harmed someone, they obviously can demand that you compensate them for their loss, but that is a completely separate issue.
Yes, the punishment has to fit the crime. And if you were the head of a multi-billion dollar corporation that made money by organizing the stealing of low-value goods from every person on the planet, that punishment presumably would be quite something in order to fit the crime.
I specifically mentioned GDPR not something nebulous or not well defined. It's a level field. It appears Google has violated the GDPR, willfully even. I have no problem with execs going to jail over that.
What about for creating and keeping up a global surveillance-capitalism system where billions of people are tracked, profiles, stripped of their privacy and manipulated, thus disrupting democracy and civic society?
You are ignoring that the government can and does request data from the companies. You may say 'who cares about the adidas I bought', but it doesn't stop there... google knows where you are (location services in android...), who you contact, what sites you are registered to (contatct synced / gmail), in addition of what your interests are(are you gay? involved in casual sex? voting republican or democrat? Planning a protest?).
This level of data collection is wrong regardless of who does it: if a company has this data the government can get it too by definition, after thr data is there it's just a slippery slope.
"(funny how privacy advocates are more upset about Amazon knowing your secrets than the government, who have an actual incentive to use it against you)"
Actually going to disagree with this one. AFAIK, the government has not used their collected information against me at any point in my life as far as I can tell. However, these tech companies are using it literally every day to try and manipulate my decision making.
5 billion is peanuts to google. if the fine is low enough that it can be written off as a cost of business, it's too low. effective fines devastate profit margins rather than merely crimping them.
Doing some quick googling, it looks like their quarterly revenue is in the 6-7 billion range. I don't believe 20%ish of revenue is in the peanuts range.
Edit: doing some more googling, maybe it's in the 10 billion range; getting better for Google, but I still can't see a company deciding that such a fine is irrelevant.
That's also the point. Profit shouldn't have anything to do with fines. Redress and compensation should. A fine is supposed to make business-as-usual unpalatable.
I was curious what the maximum fine for Google could be under GDPR.
Google's 2018 revenue was $136.22 billion. GDPR allows for a maximum fine of 4% of global turnover.
At a maximum 4%, GDPR could impose up to a $5.5 billion fine. I agree, getting something closer to the maximum might help the situation. Although ultimately, my bet is that Google is already baking the 4% revenue risk into their business model. If that's the case, GDPR's maximum penalty should be reconsidered.
