Facebook could face EU fines of up to $1.6 billion over data breach
9 replies, posted
https://www.wsj.com/articles/facebook-faces-potential-1-63-billion-fine-in-europe-over-data-breach-1538330906
A European Union privacy watchdog could fine Facebook as much as $1.63 billion for a data breach announced Friday in which hackers compromised the accounts of more than 50 million users, if regulators find the company violated the bloc’s strict new privacy law.
Ireland’s Data Protection Commission, which is Facebook’s lead privacy regulator in Europe, said Saturday that it has demanded more information from the company about the nature and scale of the breach, including which EU residents might be affected.
In an emailed statement, the regulator said it is “concerned at the fact that this breach was discovered on Tuesday and affects many millions of user accounts but Facebook is unable to clarify the nature of the breach and the risk for users at this point.”
A spokeswoman for Facebook said Sunday that the company will respond to follow-up questions from Ireland’s DPC and keep regulators apprised of further developments. Facebook Chief Executive Mark Zuckerberg said Friday that the social network was taking the breach very seriously, and that it is still trying to determine many details around the scope and impact of the incident.
For Facebook, the breach is a significant blow to its efforts to regain trust after a series of privacy and security snafus that have riled users and lawmakers alike.
It marks one of the first significant tests of how regulators will apply the breach-notification and data-security provisions of the new European law, dubbed the General Data Protection Regulation, that went into effect earlier this year. It might also be a sign that the law’s threat of massive fines is already changing how firms handle big breaches—forcing them to disclose them faster and more publicly than before.
Under GDPR, companies that don’t do enough to safeguard their users’ data risk a maximum fine of €20 million ($23 million), or 4% of a firm’s global annual revenue for the prior year, whichever is higher. Facebook’s maximum fine would be $1.63 billion using the larger calculation. The law also requires companies to notify regulators of breaches within 72 hours, under threat of a maximum fine of 2% of world-wide revenue.
“The 72 hours is focusing everyone’s mind,” said a European privacy lawyer who works with big tech firms, but doesn’t represent Facebook. The occurrence of a breach alone isn’t enough to merit a fine. While the new privacy law’s fines have yet to be tested, EU regulators often decline to issue the maximum possible fine in cases where a company has cooperated or been in at least partial compliance.
The Irish DPC said Facebook notified it of the breach on Thursday evening, which appears to fall within the law’s 72-hour time limit. The regulator complained that the notification “lacked detail,” but privacy lawyers said Sunday that it is common for a company to give an initial notification and then update regulators as they learn more about a breach. A spokesman for the DPC declined to elaborate on his statement until Facebook had replied to the regulator’s questions.
Damn, that is a hell of a large fine. I really do like the idea of fining based on a percent of the company's revenue as opposed to a set amount.
Seems too often that companies get away with a 'slap on the wrist' and that smaller fines are just a cost of doing business.
Ah good. For a second there, I misread the title as 1.63 million, because corporate fines so often end up being little more than pocket change compared to their massive profits.
Meanwhile in the US
Corporations are people too in the US, can't punish them for an honest mistake.
Also, poor people are not people.
Do it. Make an example of them.
Oh fuck, I didn't even think about this. It's gonna be the first nuclear use of GDPR.
A lot of bigger companies have budgets for getting fined because it's cheaper than actually following regulations. I don't know why they don't fine based on the revenue gained by breaking regulation more often.
Because corporate lobbyists.