this post was submitted on 24 Oct 2024
450 points (99.3% liked)

Technology

59589 readers
2936 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

The administrative penalties, which are worth around $335 million at current exchange rates, have been issued by Ireland’s Data Protection Commission (DPC) under the European Union’s General Data Protection Regulation (GDPR). The regulator found a raft of breaches, including beaches to the lawfulness, fairness and transparency of its data processing in this area.

The GDPR requires that uses of people’s information have a proper legal basis. In this case, the justifications LinkedIn had relied upon to run its tracking ads business were found to be invalid. It also did not properly inform users about its uses of their information, per the DPC’s decision.

LinkedIn had sought to claim (variously) “consent”-, “legitimate interests”- and “contractual necessity”-based legal bases for processing people’s information — when obtained directly and/or from third parties — to track and profile its users for behavioral advertising. However, the DPC found none were valid. LinkedIn also failed to comply with the GDPR principles of transparency and fairness.

you are viewing a single comment's thread
view the rest of the comments
[–] NaibofTabr@infosec.pub 34 points 1 month ago* (last edited 1 month ago) (12 children)

I always feel like the solution is to make this sort of thing unprofitable. Rather than just having a cost-of-doing-business fine, the company should have to forfeit all revenue generated by the illegal activity. The fine should then be assessed in addition to the revenue forfeiture, making it a real penalty rather than a wrist-slap.

Businesses operate on cost-benefit analyses and risk assessments. If violating the privacy regulation risks the loss of all revenue for the ad business, they won't do it.

[–] kambusha@sh.itjust.works 8 points 1 month ago (8 children)

Just jail the CEO. Maybe their salary will finally be justified, if they're willing to take the risk.

[–] NaibofTabr@infosec.pub 6 points 1 month ago (7 children)

Thing is, if the profit is high enough and the golden parachute is good enough then a business could probably find someone to take the fall as the CEO for them. Losing the CEO won't end the business or their exploitative behavior.

[–] kambusha@sh.itjust.works 3 points 1 month ago (1 children)

Tbh, you're probably right. It's the same reason that solar finally is seeing an uptick, and how cryptography works. Solar makes financial sense now, and cryptography is all just about how much money you would need to spend to crack a password.

[–] NaibofTabr@infosec.pub 2 points 1 month ago* (last edited 1 month ago)

This is really it. Businesses are about making money. If you want to change the way businesses behave, you have to change the financial incentives. You can condemn the capitalist greed motivation if you want, but that really only amounts to moralistic posturing, it doesn't accomplish anything practical. It's more useful to understand how businesses make decisions, and then adjust rules to incentivize the behavior you want and disincentivize the behavior you don't want.

An ounce of prevention is worth a pound of cure.

load more comments (5 replies)
load more comments (5 replies)
load more comments (8 replies)