I'd say the numbers listed here prove the GPs point of poor enforcement. The largest fine is roughly 0.97% of Meta's 2023 revenue, the equivalent of a $600 fine for somebody making 60k / year. It's a tiny-tiny cost of doing business at best, definitely not a deterrent, given Meta's blatant disregard for GDPR since then.
> the equivalent of a $600 fine for somebody making 60k / year
I don't know about you, but on that income I would certainly not brush off such a fine as a "cost of doing business". Would it cause me financial trouble, or would it force me to sacrifice other expenses? Absolutely not. But would I feel frustrated at having to pay it, feel stupid for my mistake, and do my best to avoid it in the future? Absolutely yes.
My bad, a better analogy would be a dealer making 60k / year selling drugs, gets caught by police and is fined $600. I wouldn’t expect them to change much.
Fair enough. In that sense I do see value in the analogy.
Would you still do your best to avoid it if that involved taking a pay cut of more than $600/year?
1% of Meta's global revenue is a tiny-tiny cost of doing business? At that point, I think I can stop even trying to argue here. It's a massive fine any way you put it. Especially when you consider the ceiling hasn't been reached and non compliance is more and more costly by design.
Their net profit was $60billion in 2024. This is peanuts. It can fluctuate by multiples of this fine in a month, depending on whether or not they've had a bad or good month, nevermind year. This pretty much is just a cost of doing business.
It's not even 1% of their annual revenue, let alone the entire multi year period they've been in breach before and since. It's nothing to them.
The interesting part is that it keeps going up. You seem to believe we have somehow reached a cap where Meta can just expense it as a cost of doing business. That's not how European law works. The fine maximum is far higher and repeated non compliance keeps making the fines higher and higher. It's a ladder not a sizing precedent.
Unfortunately it doesn't in practice. Meta's total revenue since 2018 when GDPR came into force is just shy of $1T. Even with all the smaller fines combined, the total amount of GDPR related fines is in the range of $3B. It's a rounding error.
There isn't a trend of increasing fines, nor has any fine even reached the cap, let alone applied multiple times for the recurring violations. Even more with the current US administration's foreign policy towards the EU.
While GDPR as a law is fine, with the exception of enforcement limitations, enforcement so far has been a complete joke.
Maximum GDPR fine is 4% of global revenue in the previous year. If a company has 30% profit margin then they can, in theory, treat is as a cost of doing business, indefinitely.
It's 4% per fine. Each violation is a fine and Meta owns multiple companies that can be fined. But 4% of global revenue already can't be treated as just a cost of doing business. Their shareholders would murder them.