Which is the whole point. If the fine is too low to be threatening, it could be write off as just “cost of business” there is no incentive to stay on the right side of the law. In your example the only thing that would happen is that apple would pay less dividend to the shareholders which, while I admit is something that could be a problem for them, in my opinion is not enough, considering the number of people affected.

I see what you mean, but earnings affect more than dividends, they also affect a companies growth. More than likely with the 20-50% reduction in earnings -that comes from the 5-15% range- the company would either make shareholders eat the cost, which is unlikely, or the shareholders will keep their returns and the company will sacrifice any meaningful growth. It seems to me that this is a big enough incentive to not breach people’s privacy as it no longer is a cost of doing business unless you’re vision of a well run business is one that doesn’t ever do any expansion.

Obviously the law must be simple enough to follow so that for Jim’s furniture shop is not a problem nor a too high cost to respect it, but it must be clear that if you break it you can cease to exist as company.

I think this may be the root of our disagreement, I do not believe that there is any law making body today that is capable of an elegantly simple law.

We also definitely have a difference on opinion when it comes to the severity of the infraction, in my mind, while privacy is important, it should not have the same level of punishments associated with it when compared to something on the level of poisoning water ways; I think that a privacy law should hurt but be able to be learned from while in the poison case it should result in the bankruptcy of a company. I hold this opinion since, while it doesn’t really apply to large corporations, at the end of the day if a business goes bankrupt, the owners lose their investment and the workers lose their jobs. Now obviously the workers would be able to adapt, but for the owners, their livelihood is destroyed over something that by itself would not destroy the livelihood of anyone else. The issue we find ourselves with today is that the aggregate of all privacy breaches makes it harmful to the people, but with a sizeable enough fine, I find it hard to believe that there would be major or lasting damage. For this reason I don’t think it is wise to write laws that will bankrupt a company off of one infraction which was not directly or indirectly harmful to the physical well being of the people: and I am using indirectly a little bit more strict than I would like to since as I said before, the aggregate of all the information is harmful.

No, the companies will simply follow the rules of the country they operated in.

I think you put too much faith in people understanding what’s right and wrong prior to being told off, I understand the sentiment of making laws that would only allow good people to benefit from them, but I think there aren’t enough good people in business for the economy to stay out of a recession, which I think would cascade really fast into said law being repealed.

Even now the payment processors are subjected to regulations that if applied to apple, google or facebook would make them close their business, for example.

I would have to look into the laws in question, but on a surface level I think that any company should be subjected to the same baseline privacy laws, so if there isn’t anything screwy within the law that apple, Google, and Facebook are ignoring, I think it should apply to them.

I do not want jail time for the CEO by default but he need to know that he will pay personally if the company break the law, it is the only way to make him run the company being sure that it follow the laws.

For some reason I don’t have my usual cynicism when it comes to this issue. I think that the magnitude of loses that vested interests have in these companies would make it so that companies would police themselves for fear of losing profits. That being said I wouldn’t be opposed to some form of personal accountability on corporate leadership, but I fear that they will just end up finding a way to create a scapegoat everytime.

The question then is: why a company should have 2-3 privacy issue a year ? I can get the first one, but the second ? Or the third ?

In general I like laws that are as objective as possible, I think that a privacy law should be written so that it is very objectively overbearing, but that has a smaller fine associated with it. This way the law is very clear on right and wrong, while also giving the businesses time and incentive to change their practices without having to sink large amount of expenses into lawyers to review every minute detail, which is the logical conclusion of the one infraction bankrupt system that you seem to be supporting.

Why a company that break the law should be able to continue the break the law just because if it even caught it is the next fiscal year if not later (at the end of the process and various appeals) ?

I guess I am assuming that the law we are talking about would be written by infraction, which means that if a company broke multiple sections of the law, they would go under after either 2-3 individual cases for the different sections, or from one large lawsuit that included them all. In this way there is a difference in penalty depending on how much the company continues to break the law.

Which is a good start but nothing that cannot considered when doing a budget, so no real danger here.

I have to disagree since if they lose two court cases they essentially just break even, no amount of budgeting other than pursuing a 200% markup will solve this issue.

Something that occurred to me during this reply chain is that there is no reason not to write the law in such a way that starts it low say 10% and make it so that it is revised every year or so In increments of ± 5%, eventually we will hit the percentage that actually works without disrupting the economy. I would also stipulate that it can’t drop below 5%. Although this would have to be included as an annual budget thing which has its own problems, but I think this would be the best halfway point between our ideas at least when it comes to the percentages.

I will preface this comment with a change in my opinion when it comes to semantics, I think my 2-5% range is too low after researching a bit more, I would be much more in favor of 5-15%, but the remainder of my point stays the same.

I don’t think so. It’s not that the massive fines committed to Apple and Google make them change the CEO.>

Which fines are you referring to, in my opinion the biggest problem that we currently have is that there are realistically no penalties for breaking the law.

Just doing a quick Google search, apple made about 400b in revenue last year, and apple just had a 2b fine from an antitrust lawsuit. Applying the 5% fine, that 2b would become 20b which equates to 20% of their annual earnings for that year.

If we applied the 50% penalty that started this thread, that becomes a fine of 200b which means, using the apple example, that the company loses 100b when they get down to their earnings. This is the reason why I feel like 50% is too much, if one privacy court case in one country is enough to bankrupt a company, no company would ever attempt to provide a service that is remotely adjacent to that law: in my mind, some of the services that would cease to exist would include search engines, payment processors, and email newsletters.

All in all, I think that the penalty should be a fine, because realistically this is a civil matter, and I am not a big proponent of jail time without a criminal conviction. I do agree that the fixed amount fines are too damaging to smaller firms and a slap on the wrist for large ones, so after looking at the numbers for apple and Google 5% equates to a noticeable hit to the companies bottom line, and 15% is a little bit short of making the company entirely unprofitable; this means that the fines range from hurting or stunting the growth of a company for one privacy related issue in whatever country is enforcing this law. This also means that on the high end bankruptcy will loom over any company that has 2-3 privacy issues in any given year.

Addendum: if you were wondering, about the numbers for 15%, the earnings in 2024 for apple would be 35b or a 37% decrease, and for Google it is 47.5b or a 48% decrease.

For web browser’s, check librewolf or brave, I would lean further towards librewolf just because it’s oss which is something I value.

For search engines, we’re in a weird spot right now because Microsoft is restricting the use of Bing’s search API, but duck duck go is good, and ecosia as well, but they both may be in a rough spot soon.

Work computer you can’t do much other than ask your supervisor to ask about moving away from ai stuff, all you can do directly is limit your personal information on your work station.

For phones, If you have apple, sorry, if not, you could look into changing the operating system on it to something like e/os or graphene os, they are both operating systems that are focused on privacy and security.

If you need anymore information about my recommendations, I am happy to help.

Out of curiosity what devices are giving you these issues? I may know of some alternatives depending.

I know the human tendency is to think in extremes, but I would prefer to have a system that is as balanced as possible, or at least one that affords adecuate protections to all parties involved.

The issue I have with the “just don’t do anything illegal” argument is that depending on how the illegality is defined, it can be used as a tool for bad actors. Take for instance something like the afformentioned 50% penalty with mandatory jail time for repeat offenders, if I decided that jim’s furniture store shouldn’t exist anymore, I would only need to find some tiny thing wrong with their data handling, like for instance, assuming this specific hole exists, that they asked for contact info before it’s needed for purchase verification. Now they may lose on this minor infraction, and pretty much any small business will die a horrible death without half their revenue. Meanwhile the mega corps will likely find some workaround do to their high priced lawyers, but even assuming we make a rock solid definition, they still just cycle the ceo immediately, because no one will want to be an active ceo when they are one court case from jail.

I agree with the sentiment, but that harsh of an enforcement method is overkill, the penalty should be a fine, not jail time, because otherwise it could be abused to an insane extent, and 50% will immediately bankrupt pretty much any company immediately, most well structured businesses could probably sustain fines on the order of 40%, I do like your inclusion of percentage based penalties, but realistically with 2-5% fines, any ceo will be removed from their company after the first or second offense, and the company will bankrupt if they sustain more than a couple fines in a year.

Edit: after doing the math on some actual companies, I believe 2-5% is too low, realistically 5% is the lowest that would actually change business dealings, and 25% will make a company just barely dip into the red. For this reason I think 5-15% should be the goal post.

I would say so, in my opinion the US has an education problem when it comes to fire arms. People are rightfully scared of what they don’t know, but culturally, the people who don’t know that much about them are adamant against learning about them. This coupled with the lack of respect given to them by people who do know how to handle them leads to the position we find ourselves in today.