SoylentNews is people
SoylentNews
French data protection regulator CNIL, has flagged Facebook with a formal notice to comply with European data privacy laws within the next three months, or face possible sanctions. Facebook is said to now be reviewing the CNIL's demands. The CNIL has argued that the social network is violating multiple data protection laws, including the collection of non-member browsing activities. It also added that the platform is gathering data regarding the sexual orientation, religious and political preferences 'without the explicit consent of account holders.' It noted too that Facebook does not notify users at sign-up of their rights concerning their personal data. The CNIL further accused Facebook of setting advertising cookies 'without properly informing and obtaining the consent of internet users.'
(Score: 4, Interesting) by raattgift on Thursday February 11 2016, @02:17AM
The regulators' goal in most European Union member-states is to make non-compliance unprofitable.
They don't need to threaten "nuclear" responses like a shutdown or ban or the available-under-EU-law 25% of global revenue fine.
They simply have to cause the regulated entity (Facebook, in this case) to absorb the cost of an external forensic audit to determine the increase in gross margins from the non-compliant behaviour (cost here includes cost of any litigation in resisting the audit, plus indemnity against foot-dragging by the regulated entity), plus a fine proportional to that marginal increase, where the proportional target is 1:1 unless there is extremely bad behaviour on the part of the regulated entity.
So, basically, Facebook would be on the hook for the extra profit of not complying, plus -- and this is likely to be a much bigger number -- the cost of digging into Facebook's accounts around the world.
Most global companies that do business in such jurisdictions comply willingly, because the cost of compliance is *less* than the cost of resisting.
A key point here is that there have been about thirty years of coordinated regulatory law in the acquis communitaire, and all the national regulators talk directly with one another, as well as to the European Commission. It is virtually certain at this point that CNIL has the support in principle of its peers and its national government, in the sense that they all agree that the direction of regulation they are taking is reasonable. The front-line regulator (CNIL, in this case) is not acting in a vacuum, and Facebook will certainly know already that losing a hard-fought battle with a front-line regulator is not only expensive in and of itself, but that it balloons rapidly to the whole EU, and to various other OECD states.
"Lying convincingly" runs the risk of being discovered in some future audit; that runs the risk of a criminal prosecution (there is no statute of limitations) of the individuals responsible for the lie, as well as corporate fines that would likely trigger civil actions against the individuals. A typical outcome of criminal prosecution of that nature is a long, and sometimes lifetime, ban on holding various positions in registered companies; lifetime bans on practising law or holding directorships in publicly traded companies are doled out like candy in some member-states.
Finally, the usual approach of capturing regulators by offering former regulators jobs ("advisory positions in the regulatory affairs department") tends to fail thanks to subsidiarity. Doing this for on the order of thirty regulators has so far proven impossible, and it's a strength of European federalism compared to other federal systems with different divisions-of-powers (e.g., the FCC, FDA, USDA, and FAA are all highly captured regulators, with a revolving door between the top level appointees and next-level career management and the handful of large players in the regulated sectors.)
(Score: 0) by Anonymous Coward on Thursday February 11 2016, @09:15AM
This is easily the most well thought out, written, and worded post I've ever seen on Slashdot or Soylent...
Congrats