by smnrchrds 2967 days ago
Wait! I was under the impression that fines due to GDPR are just that, fines. They are paid to the government, not individuals. At most, getting fined due to non-compliance can suggest that if individuals bring civil lawsuits against the company, they may win and be awarded damages, the amount of which depends on how much damages they can prove they have incurred as a result of misuse of their data, not statutory amounts. Is that not the case? Is the fine actually paid to the individuals?

Or are you suggesting that some patriotic legal firms would do all the legwork for free so that the government treasury would get a boost?

3 comments

Yes, your understanding is completely correct. Only EU member states can levy fines under the GDPR, and it's likely few will have any interest in trying to fine small businesses. Lawsuits are possible, but only for damages, and good luck showing any damages from a minor technical violation by a small SaaS tool. And without any prospect of large damages from a deep-pocketed defendant, good luck finding a law firm willing to work on contingency.

The whole thing is FUD, although mad props to the people behind the linked service for making a play at profiting from it.

I don't have a lot of actual information on this, but the buzz in my privacy professional listservs is that EU courts have been VERY expansive about what constitutes "damage" in related legal spheres, and that those of us coming from a US legal background should not rely on our instincts about what kinds of damage could actually create a cause of action worth suing over.

No. EU courts tend to define damage conservatively, and people suing for damage normally have to demonstrate actual financial losses.

But it's irrelevant here, because the law isn't based on damages.

Cease and desist letters from predatory law firms are a very real thing, even in Europe. In Germany, entire law firms have been established for the sole purpose of collecting out-of-court settlement fees for small mistakes in websites' legal notices, which they find using automated searches: http://transblawg.eu/2003/10/13/u-s-comment-on-impressumgerm...

GDPR will give them new ammunition on a European scale.

Your link is from 15 years ago.

No, some firm will ask you to pay $100,000 as private settlement because you make a mistake, or else they'll have to seek remedy by filing a complaint in the EU courts, potentially costing you around 10M.

But unlike copyright trolls, the law firm in question can't guarantee that paying the protection money will actually protect you from being reported, so there isn't the same incentive to pay. A protection racket only works if the mafia monopolizes the threat, otherwise any random thug could destroy their business.