Facebook faces £1.25bn EU GDPR fine over data breach

[spacein_vader]

Notice, yes. But Saracen mentioned really hurt and that I'm not so sure on.

Is loosing out on three months worth of earnings enough to instigate what could be costly changes? Or will it just be seen as the cost of doing business.

I mean i have no idea how much extra it would cost someone like FB to ramp up security to something like payment card levels (not that they're immune), or how often someone like FB would expect to get hit with similar levels of fines, IDK if the cost of not doing anything outweighs the cost of doing something.

Losing 3 months once would make them sit up and take notice. Alongside a fine you'd get a notice to improve, telling you what deficiencies you're being fined for and that you need to resolve them. Failure to resolve them results in... Another fine of similar magnitude. And another. And so on until you get your house in order.

Doing nothing is not an option. I suspect the one they'd take would be to do the absolute bare minimum and obey the letter of any notice rather than the spirit of it. Hence the current privacy theatre Google, Facebook, MS and others take you through occasionally where they get you to review their confusingly worded options.

[Saracen]

They probably don't then as £1.25bn amounts to three months profit for FB.

Well, £1.25 bn, in cash, will sting ANY company, even if they can comfortably pay, but my comment was about "these fines", not "this fine".

What I meant was the level of fines that can be imposed, not necessarily just this one.

[badass]

But you hit a business or two with really heavy fines and not only do you send a message that you're serious about regulation to those firms, but you give every other business an "Oh poop that could be us" moment to motivate them to not be next.

Yes and no. Some businesses will take notice. Most are run by muppets that believe in train crashes. i.e. "it won't happen to us, continue as you were"

Until the train crashes. Then there will be a massive knee jerk reaction that will involve throwing money at any product and consultancy that mentions security with no strategy in place whatsoever. So they end up spending a load on security and achieving very little. Apart from lots of shelfware.

[Saracen]

Yes and no. Some businesses will take notice. Most are run by muppets that believe in train crashes. i.e. "it won't happen to us, continue as you were"

Until the train crashes. Then there will be a massive knee jerk reaction that will involve throwing money at any product and consultancy that mentions security with no strategy in place whatsoever. So they end up spending a load on security and achieving very little. Apart from lots of shelfware.

Perhaps.

But if some take notice, well .... remember that old anti-lawyer joke -

"What do you call three dead lawyers?"

"A good start".


Note : Substitute you own profession/occuptation of particular detestation, be it estate agents, hack journalists, ad executives, Google management, low-end used car salesmen, politicians, more politicians, etc.

Or, in my case, pretty much all of the above. But that's another story.