this post was submitted on 24 Oct 2024
450 points (99.3% liked)

Technology

59495 readers
3110 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

The administrative penalties, which are worth around $335 million at current exchange rates, have been issued by Ireland’s Data Protection Commission (DPC) under the European Union’s General Data Protection Regulation (GDPR). The regulator found a raft of breaches, including beaches to the lawfulness, fairness and transparency of its data processing in this area.

The GDPR requires that uses of people’s information have a proper legal basis. In this case, the justifications LinkedIn had relied upon to run its tracking ads business were found to be invalid. It also did not properly inform users about its uses of their information, per the DPC’s decision.

LinkedIn had sought to claim (variously) “consent”-, “legitimate interests”- and “contractual necessity”-based legal bases for processing people’s information — when obtained directly and/or from third parties — to track and profile its users for behavioral advertising. However, the DPC found none were valid. LinkedIn also failed to comply with the GDPR principles of transparency and fairness.

you are viewing a single comment's thread
view the rest of the comments
[–] kambusha@sh.itjust.works 8 points 3 weeks ago (1 children)

Just jail the CEO. Maybe their salary will finally be justified, if they're willing to take the risk.

[–] NaibofTabr@infosec.pub 6 points 3 weeks ago (2 children)

Thing is, if the profit is high enough and the golden parachute is good enough then a business could probably find someone to take the fall as the CEO for them. Losing the CEO won't end the business or their exploitative behavior.

[–] P1nkman@lemmy.world 7 points 3 weeks ago (1 children)

Board of Directors. Entire C-suite on trial. People with 10% or more ownership of shares. That would change things.

Oh, emails were deleted and couldn't be recovered? CTO is at fault. Skip start, go straight to jail.

[–] NaibofTabr@infosec.pub 3 points 3 weeks ago* (last edited 3 weeks ago) (1 children)

Well... look, I'm all for punishing white collar crime, we should do more of that, but I'd much rather incentivize preventing this kind of thing in the first place than punishing people after the fact.

Taking away the revenue (remember revenue means all the income, not just the profit) from criminal behavior does that, because it means the business risks financial collapse.

For instance, in this case if LinkedIn's EU ad sales department violated EU law, then all revenue from the EU ad sales department should be forfeit, for the entire time period during which the violation occurred.

This would be a lot more effective than threatening rich people with jail time, because rich people can always make a deal to serve their time in a nice facility or house arrest or something. Instead, we threaten to wipe out the business financially.

[–] P1nkman@lemmy.world 3 points 3 weeks ago (1 children)

Oh, I totally agree, but if we use the example in the article, how would the EU be able to prove LinkedIn's revenue? These companies are shifting their money around so they don't have to pay tax.

[–] NaibofTabr@infosec.pub 2 points 3 weeks ago (1 children)

Ah, hah, I'm glad you asked, I have thoughts on that too.

Auditing. The government (every government) should employ a team of auditors. In a case like this, the auditors will be attached to the offending company for the purpose of reviewing their operational and financial records. The auditors will be part of (inside of) the company operations for as long as it takes to untangle the details and assess the total sum of revenue gained from the illegal activity, and if that interferes with running the business well that's too effing bad.

While the auditing is ongoing, the company will be responsible for paying the auditors' salaries and expenses, and providing office space and whatever other resources they need. There will also be a representative of the auditors assigned to the executive board, present at all board meetings, with voting and veto privileges. Effectively, the company is on probation and under observation until their debt is paid. Any other violations discovered during the audit will result in additional prosecutions.

If the company finds this too burdensome, or if they have tried to obfuscate their records, then they can simply forfeit the revenue of the entire department/operational area in order to expedite the audit.

[–] P1nkman@lemmy.world 2 points 3 weeks ago

Oh dang, I hadn't thought of about that, and it's a very good solution!

[–] kambusha@sh.itjust.works 3 points 3 weeks ago (1 children)

Tbh, you're probably right. It's the same reason that solar finally is seeing an uptick, and how cryptography works. Solar makes financial sense now, and cryptography is all just about how much money you would need to spend to crack a password.

[–] NaibofTabr@infosec.pub 2 points 3 weeks ago* (last edited 3 weeks ago)

This is really it. Businesses are about making money. If you want to change the way businesses behave, you have to change the financial incentives. You can condemn the capitalist greed motivation if you want, but that really only amounts to moralistic posturing, it doesn't accomplish anything practical. It's more useful to understand how businesses make decisions, and then adjust rules to incentivize the behavior you want and disincentivize the behavior you don't want.

An ounce of prevention is worth a pound of cure.