A Large GDPR Victim

  • Comments posted to this topic are about the item A Large GDPR Victim

  • Where do the fines go?

  • The GDPR is just the first ripples of a tsunami of change. If we as data professionals want to be ahead of the wave, and not be swamped by it, we need to begin to change our attitude towards data. It doesn't belong to our companies: it belongs to the people or companies that generated it. Business models built on mining such data: FB, Google, and others: are going to have to adapt, or they will be regulated to death. Remember Ma Bell? There's no company so big that the government can't chop it into pieces. Adapt or die.

    Roland Alexander 
    The Monday Morning DBA 
    There are two means of refuge from the miseries of life: music and cats. ~ Albert Schweitzer

  • Ken Hiatt - Monday, January 28, 2019 10:32 PM

    Where do the fines go?

    Good question. No idea. I assume they go back to the EU nations, but not sure.

  • I am skeptical about how far the government will go to enforce data privacy and protection regulations on big data companies, considering that the government actually leverages these same companies as a proxy for its own surveillance and law enforcement efforts against citizens. I suspect that these companies will always be gathering more data than is needed, and the data will be made available on demand when requested by the government.

    "Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho

  • Roland Alexander STL - Tuesday, January 29, 2019 5:25 AM

    If we as data professionals want to be ahead of the wave, and not be swamped by it, we need to begin to change our attitude towards data. It doesn't belong to our companies: it belongs to the people or companies that generated it. Business models built on mining such data: FB, Google, and others: are going to have to adapt, or they will be regulated to death. 

    The attitudinal change needs to come from the C-suites as well, otherwise we data professionals can try all we like to manage data in the interests of its true owners, but if the businesses we work for don't also change from the top, we're not going to get very far.
    The level of the fines should concentrate executive minds wonderfully, as will the loss of reputation and trust for those companies which will inevitably be named and shamed for their cavalier handling of other people's data.

  • Ken Hiatt - Monday, January 28, 2019 10:32 PM

    Where do the fines go?

    This is not defined in the EU legislation, so it's down to the individual member countries.  In a number, they are looking to make the bodies responsible for administering it self-financing, and it would then generally go to the regulator (Italy being a case in point, I believe).  In others, it would go to the exchequer.
    Of course, this then leads to the inevitable allegations that the regulator is "being overly punitive and chasing revenue" - admittedly the board of such bodies are often somewhat addicted to setting targets to allow them to liberally smear themselves in obscene bonuses and emoluments.  Of course, with situations such as this, there comes the inevitable privatization - front or back door, doesn't matter - when it suddenly dawns on the CEO of BigCo, that his main and bitter competitor, MassiveCo are now running the show - either "at arm's length" or as part of a consortium - with regard to the regulation of their business critical data and compliance penalties.  "There are, of course, Chinese walls" ...

    I'm a DBA.
    I'm not paid to solve problems. I'm paid to prevent them.

  • Proceeds from collected fines could go toward public awareness campaigns. Also, rather than simply establishing regulations and proscribing periodic audits, the government could hire a team to perform network penetration, actively searching for corporations with vulnerabilities, or analyzing popular apps in a lab environment to confirm what data they are collecting (regardless of what the app developer claims to be collecting). We need the equivalent of the Environmental Protection Agency for the digital realm and consider the matter to be of the same importance.

    Businesses who actually respect the security of their data and privacy of their customers should not fear this. In fact, they should see it as a competitive advantage. It's sort of like the smaller food suppliers who leverage their values, transparent business models, and "USDA Organic" certification to cut into the market share of the multi-national corporations. Google and FaceBook are the "Big Mac Data" corporations; they give you a lot for a very low price, but you pay for their products in ways that are detrimental to your digital health.

    "Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho

  • Eric M Russell - Wednesday, January 30, 2019 9:23 AM

    Proceeds from collected fines could go toward public awareness campaigns. Also, rather than simply establishing regulations and proscribing periodic audits, the government could hire a team to perform network penetration, actively searching for corporations with vulnerabilities, or analyzing popular apps in a lab environment to confirm what data they are collecting (regardless of what the app developer claims to be collecting). We need the equivalent of the Environmental Protection Agency for the digital realm and consider the matter to be of the same importance.

    Businesses who actually respect the security of their data and privacy of their customers should not fear this. In fact, they should see it as a competitive advantage. It's sort of like the smaller food suppliers who leverage their values, transparent business models, and "USDA Organic" certification to cut into the market share of the multi-national corporations. Google and FaceBook are the "Big Mac Data" corporations; they give you a lot for a very low price, but you pay for their products in ways that are detrimental to your digital health.

    I was working in healthcare during the initial HIPAA rollout, and the enforcement auditors immediately went after some of the bigger fish who could afford it. Ultimately they know a lot of orgs will have issues with not having kept up with the schedule, so going after a news-grabbing fine is a way to signify that they intend to enforce it, as well as an incentive to get everyone else to catch up.

    Of course I wouldn't characterize Google as a victim of anything.  They have plenty of influence to throw around and likely should have finished getting the consents as dictated by the mandate.

    ----------------------------------------------------------------------------------
    Your lack of planning does not constitute an emergency on my part...unless you're my manager...or a director and above...or a really loud-spoken end-user..All right - what was my emergency again?
