this post was submitted on 23 Jan 2024
257 points (93.3% liked)

Technology

59390 readers
2712 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 203 points 9 months ago* (last edited 9 months ago) (51 children)

I have a solution:

governments should heavily fine companies that are subject to data breaches.

If it cost them real money (proportional to their market cap, the amount of customers affected, and/or the severity of the breach) to allow a data breach, I’m betting they’d shore up those holes REALLLLLLLLLL QUICK.

[–] [email protected] 11 points 9 months ago* (last edited 9 months ago) (2 children)

Article 82, paragraph 1 of the GDPR:

Any person who has suffered material or non-material damage as a result of an infringement of this Regulation shall have the right to receive compensation from the controller or processor for the damage suffered.

Paragraph 2:

Any controller involved in processing shall be liable for the damage caused by processing which infringes this Regulation

Article 24, paragraph 1:

**[T]he controller shall **implement appropriate technical and organisational measures to ensure and to be able to demonstrate that processing is performed in accordance with this Regulation.

Article 5, paragraph 1f:

Personal data shall be: […] processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss,

Article 83, paragraphs 2 and 5:

Each supervisory authority shall ensure that the imposition of administrative fines pursuant to this Article in respect of infringements of this Regulation referred to in paragraphs 4, 5 and 6 shall in each individual case be effective, proportionate and dissuasive.

Infringements of the following provisions shall, in accordance with paragraph 2, be subject to administrative fines up to 20 000 000 EUR, or in the case of an undertaking, up to 4 % of the total worldwide annual turnover of the preceding financial year, whichever is higher:

(a) the basic principles for processing, including conditions for consent, pursuant to Articles 5, 6, 7 and 9;

Article 4, paragraph 7:

‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data

(All quotes are excepts, emphasis mine

https://gdpr-info.eu/

[–] [email protected] 3 points 9 months ago* (last edited 9 months ago)

I think we can both guess why these companies never really face penalties that hurt them materially despite this being codified into law in the EU…

[–] [email protected] 2 points 9 months ago (1 children)

I got lost in the comments... why did you paste that here? To show that it is possible to make the data controller liable for breaches?

[–] [email protected] 6 points 9 months ago

Exactly. This is supposed to show that what @[email protected] demands is already law in the EU.

load more comments (48 replies)