chha

Medical, banking and insurance are three industries that the European data privacy watchdogs are much more strict about because of the potential for damage.

StopDisinfo910•

3 months ago

https://en.wikipedia.org/wiki/GDPR_fines_and_notices

Top 5 fines:

1 - Meta - Ireland - €1.2 billion

2 - Amazon Europe - Luxembourg - €746 millions

3 - WhatsApp - Ireland - €225 millions

4 - British Airway - UK - £183 millions

5 - Google - France - €60 millions

I wish every law barely got enforced this way.

throawayonthe•

3 months ago

pretty pathetic, but people keep insisting you can regulate capital

Zanfa•

3 months ago

I'd say the numbers listed here prove the GPs point of poor enforcement. The largest fine is roughly 0.97% of Meta's 2023 revenue, the equivalent of a $600 fine for somebody making 60k / year. It's a tiny-tiny cost of doing business at best, definitely not a deterrent, given Meta's blatant disregard for GDPR since then.

Mordisquitos•

3 months ago

> the equivalent of a $600 fine for somebody making 60k / year

I don't know about you, but on that income I would certainly not brush off such a fine as a "cost of doing business". Would it cause me financial trouble, or would it force me to sacrifice other expenses? Absolutely not. But would I feel frustrated at having to pay it, feel stupid for my mistake, and do my best to avoid it in the future? Absolutely yes.

Zanfa•

3 months ago

My bad, a better analogy would be a dealer making 60k / year selling drugs, gets caught by police and is fined $600. I wouldn’t expect them to change much.

Mordisquitos•

3 months ago

Fair enough. In that sense I do see value in the analogy.

SkiFire13•

3 months ago

Would you still do your best to avoid it if that involved taking a pay cut of more than $600/year?

StopDisinfo910•

3 months ago

1% of Meta's global revenue is a tiny-tiny cost of doing business? At that point, I think I can stop even trying to argue here. It's a massive fine any way you put it. Especially when you consider the ceiling hasn't been reached and non compliance is more and more costly by design.

KoolKat23•

3 months ago

Their net profit was $60billion in 2024. This is peanuts. It can fluctuate by multiples of this fine in a month, depending on whether or not they've had a bad or good month, nevermind year. This pretty much is just a cost of doing business.

Zanfa•

3 months ago

It's not even 1% of their annual revenue, let alone the entire multi year period they've been in breach before and since. It's nothing to them.

StopDisinfo910•

3 months ago

The interesting part is that it keeps going up. You seem to believe we have somehow reached a cap where Meta can just expense it as a cost of doing business. That's not how European law works. The fine maximum is far higher and repeated non compliance keeps making the fines higher and higher. It's a ladder not a sizing precedent.

Zanfa•

3 months ago

Unfortunately it doesn't in practice. Meta's total revenue since 2018 when GDPR came into force is just shy of $1T. Even with all the smaller fines combined, the total amount of GDPR related fines is in the range of $3B. It's a rounding error.

There isn't a trend of increasing fines, nor has any fine even reached the cap, let alone applied multiple times for the recurring violations. Even more with the current US administration's foreign policy towards the EU.

While GDPR as a law is fine, with the exception of enforcement limitations, enforcement so far has been a complete joke.

Detrytus•

3 months ago

Maximum GDPR fine is 4% of global revenue in the previous year. If a company has 30% profit margin then they can, in theory, treat is as a cost of doing business, indefinitely.

StopDisinfo910•

3 months ago

It's 4% per fine. Each violation is a fine and Meta owns multiple companies that can be fined. But 4% of global revenue already can't be treated as just a cost of doing business. Their shareholders would murder them.

chha•

4 months ago

•on: Sleeper Shells: Attackers Are Planting Dormant Bac...

So true. Can't wait for NIS2 to be implemented in my location (EU); the new directive allows authorities to hold board members and CEOs personally responsible for cybersec fails (although only as a last resort, after trying other means).

chha•

6 months ago

•on: Ask HN: Hearing aid wearers, what's hot?

The belt packs typically do a lot more than to amplify ambient noise, they also handle RF, depending on the model decryption of the audio signal, EQ as well as other stuff. All while typically running on 2x1,5V AA batteries.

Audio gear isn't made to last long on batteries, it's made to be reliable for the hours a show typically lasts. I worked part-time as a sound tech (paid hobby) for 15+ years, and I never started a show without fresh batteries, regardless of what the indicators on the transmitters/receivers told me.

chha•

6 months ago

•on: Shai-Hulud Returns: Over 300 NPM Packages Infected

Been a while since I looked into this, but afaik Maven Central is run by Sonatype, which happens to be one of the major players for systems related to Supply Chain Security.

From what I remember (a few years old, things may have changed) they required devs to stage packages to a specific test env, packages were inspected not only for malware but also vulnerabilities before being released to the public.

NPM on the other hand... Write a package -> publish. Npm might scan for malware, they might do a few additional checks, but at least back when I looked into it nothing happened proactively.

arccy•

6 months ago

npm is run by github / microsoft now, which also sells security products...

chha•

8 months ago

•on: NSO permanently barred from targeting WhatsApp use...

It depends. If they simply ignore the ruling, my guess is that whatever trade agreements are in place have a mechanism for escalating such violations so that an Israeli court can enforce the order. I also take for granted that it depends a lot on the political climate and the strategic value for the governments of Israel and the US...

chha•

8 months ago

•on: GlassWorm, Self-Propagating Worm Using Invisible C...

Similar to the Shai Hulud attack, but with more sofisticated C2 (blockchain, Google Calendar). It also uses Unicode characters to hide source code in IDEs, harvests ecosystem credentials to infect and publish new versions of packages you have access to, and more.

chha•

9 months ago

•on: We all dodged a bullet

There could, this would essentially be in the form of a standard library. That would work until someone decides they don't like the form/naming conventions/architecture/ideology/lack of ideology/whatever else and then reinvent everything to do the same, but in a slightly different way.

And before you know it, you have a multitude of distributions to choose from, each with their own issues...