Fines must be "effective, proportionate and dissuasive", and there are various factors that the authorities must take into consideration. If you feel they _haven't_ taken the relevant factors into account, you can take it to the courts (especially if there is a history of fining non-EU companies more, as that would suggest they are taking irrelevant factors into consideration).
Really? "effective" = large amount, so company won't do it again, "proportionate" = relative to revenue, "dissuasive" = make them an example so no one else will dare.
I bet you are going to tell me proportionate somehow makes it all better, but for companies that make money this way, the amount of money they make this way in proportion to their income is basically all of it.
So you can bet regulators will go for the full amount.
No company in their right mind is going to rely on the mercy of an EU court toward a non-EU company.
> "effective" = large amount, so company won't do it again
Generally true, but it should be read with proportionate as meaning as large as necessary to be effective -- if a warning is sufficient to ensure compliance, then the effective clause suggests a fine is NOT warranted.
> "proportionate" = relative to revenue
_Absolutely_ not - proportionate to the _infringement_. There is no other reading that makes sense here.
> "dissuasive" = make them an example so no one else will dare.
Dissuasive also encompasses encouraging companies to cooperate with regulators and make a best effort to comply. If they are going to get the maximum fine for a minor breach, even if they made a full effort to comply and merely overlooked something, they are _not_ dissuaded from ignoring the GDPR in its entirety.
> So you can bet regulators will go for the full amount.
Certainly not. Going for the full amount, regardless of the circumstances and ignoring the factors they MUST consider, is going to result in the fines being overturned by the courts, which undermines their position, doesn't fulfill the purpose of the fine (if the company successfully challenges it), and doesn't fulfill the aims of the GDPR. Ignoring the law to go for the maximum fine would be a terrible decision for a regulator to make, and you can look at the history of enforcement of the DPD to see that regulators _don't_ generally go for the maximum fine.
https://gdpr-info.eu/art-83-gdpr/