privatelife - privacy, security, freedom advocacy
This community is meant to advocate privacy, security and freedom in an concise manner, free of prejudice bias, free of politics, free of cultist thoughts.
Arguing that you don't care about the right to privacy because you have nothing to hide is no different than saying you don't care about free speech because you have nothing to say. - Edward Snowden
Reddit: https://old.reddit.com/r/privatelife
Matrix: https://matrix.to/#/#privatelife:matrix.org
Telegram: https://t.me/r_privatelife
READ THE RULES
-
Opinions are welcome, facts more so. Attack arguments, not people. Hating, baiting, trolling, flaming will be dealt with strictly.
-
Discuss closed source software with caution. Advocating for it strongly (cult brigading) can be treated as violation of this rule.
-
Editing titles of article links is strictly prohibited, unless and until the summarisation remains accurate to the context of the article or paper. Such link post will be removed without questioning.
-
Targeting of any country, person or nation is strictly prohibited without valid reasoning. Evidence if not presented against the specific company/corporation/individual will be treated as personal attack and/or hate speech. This will result in a warning, then ban system.
-
NO PERMA BANS! Ban system will work as follows:
1 day --> 3 day --> 1 week --> 2 weeks --> 3 weeks --> 1 month --> 3 months --> 6 months
Severity of the ban system will be dealt with based on degree of violation and circumstances.
-
NO FACT-LESS EVIDENCES, NO FALSE RHETORIC Evidence has to be credible. The onus of this lies on the claimant. The same applies on the user who questions proven evidence. Violation of this rule will be dealt with strictly.
-
Copycat posts serve to litter the community, increasing quantity and decreasing quality of posts. As such, posts will be removed. Repeated attempts will receive warning.
Related communities:
view the rest of the comments
You’re still talking about voluntary compliance. The GDPR is not entirely useless for this reason - some orgs will comply despite the unlikeliness that any action results. Great! My long history of art.77 reports show GDPR-hostile orgs getting away with it.
Here’s how the math works: your expectation of a fine (cost of noncompliance) is compared to the cost of compliance (e.g. hiring subject matter experts for consultation and making adaptations as needed). The expectation of a fine is the fine amount multiplied by the probability. The fine amount is negligible (if anything) for gov agencies and the probability a fine is levied by a state against itself is even much smaller than the probability of a fine against a commercial corp. So gov offices laugh at the GDPR. Commercial orgs can get a huge fine but they tend to get warnings, not to mention the chance a DPA even bothers to engage the offender is infintesmal as it is. The cost of compliance is generally higher, which is why they don’t bother. Hence why I’m up to my neck in violations. Luckily the good samaritans orgs that comply are the ones who haven’t done the math.
The GDPR would only become an effective force if they were to amend it so that article 77 were itself enforceable against the deadbeat DPAs.
All law compliance is voluntary on the threat of consequences, that is a bad point, because since all compliance is voluntary, then you are saying that all laws are largely useless.
My personal experience, in my country, is that GDPR is working fine, just as fine as any other law. There are always some people who break laws, and there are always resource costs to catch and fine/prosecute the law breakers. As long as the observable majority are law abiding, the law works as well as it can.
Outliers don't make the law moot, or GDPR "nothing" as you stated in your earlier post, and no amount of reasoning you attempt to give can convince me otherwise, as my personal experience and observations differ from what you are attempting to peddle.
FYI: no gov offices are laughing at GDPR in Finland, if they did, another separate branch of gov would fine them. What you are saying is that due to the fact that corruption exists, your govs are not taking the law seriously. That's a separate issue and affects everything, not just GDPR, and again, doesn't make GDPR moot.
Yes, but this only muddies the waters to mention. You’ve forgotten what I said previously. I’m not saying it’s voluntary on the trivial basis that all actions are voluntary. I’m saying compliance is voluntary because (as I have established and you failed to counter) the GDPR is not being enforced for the most part. You have ONE fine every THREE WEEKS by each DPA. How is your math not sorting that out? I will lay it out here:
52 weeks/yr ÷ 3 weeks × 23 DPAs × 5 years = 1993 + ⅓
That’s absurdly deadbeat on the DPA’s part. As one individual I am personally encountering violations at nearly that rate just on my own as one person. On average the DPA in one country is doing enough workload for one single victim. Scale that to a nation of people and the result is they’re doing fuck all.
My anecdotal experience reflects that of others and in fact mirrors the big picture. But you need not take my word for it. Read about it (“Fines are few and far between…Enforcement is, at best, patchy and inconsistent.”). Though I must say your lack of awareness makes your background questionable. You should know about the lack of enforcement problem if your career is tied to it. After all, your own numbers reflects this you’re just neglecting to do the math.
You’ve tried shifting the focus onto the revenue from the fines, which is irrelevant to the probability of getting a fine. The absurdity of that attempt is that “Meta…. accounted for 80% [of last year’s total fines], with its largest fine reaching €405 million.”
They do when the statistical outliers actually reflect cases of fines, as opposed to the cases of inaction. Again, 1 fine every 3 weeks for a whole country. That’s what makes the law moot from an enforcement perspective. You throw out the outliers and you’re left with no enforcement in the remaining dataset.
I didn’t exactly assert corruption. That’d be slightly overstated. There is certainly a conflict of interest when gov agencies are accountable to DPAs of the same country. You can use your own judgement as to whether to outright assert “corruption”. Either way, that’s only a factor when the GDPR offender is a gov agency. Lack of enforcement is bigger than that. As I said, the law itself is the problem because it’s not motivational. Again, there is no enforcement clause to force DPAs to honor article 77 reports. That’s the problem which you continue to ignore. It also doesn’t help that “DPAs complain about a lack of budget and personnel. While German DPAs employ around 1200 staff, Belgian, Croatian, and Romanian DPAs average only 50.” (from the same article) So the other problem is that the GDPR does not require member states to allocate sufficient resources for the workload -- though that problem would take care of itself if there were a penalty for member states who fail to uphold art.77.