If we take the Equifax breach as an example here, and every person affected sued for even a very modest amount (say $10) and everyone wins their cases then we come to something like $1.5bn in damages, plus legal costs. Sure, that will probably work in that $10 is a gross underestimate, Equifax's market cap is ~$15bn, and their legal costs defending that many cases would be significant.
However, consider that it is very likely a small minority of those ~150m affected people are actually in a position to spend the time, money, and effort in actually suing and you end up in exactly the position you are now: Equifax doing fine and suffering no penalty for their actions. Class action suits aren't really a better suggestion either because they are typically settled for pennies-on-the-dollar, with the lion's share going to the lawyers anyway.
Suing might make sense where there's a small number of affected people, or where the damages per person are much higher, but when we're talking less than $1,000 damages per person it's really just not worth each individual's time or money to do so. This is _exactly_ the kind of thing regulation is good at protecting against.
Things are actually even worse than you describe. There's been constant action to restrict the use of class-action lawsuits and move towards arbitration instead.
Class-action lawsuits are the best tool we have -- even if the money each individual gets as part of a settlement is a pittance, in aggregate they do give companies at least some disincentive for unethical/illegal conduct.
While I don't disagree that they're effective, I'd say "best" is not true. They're not any more effective than (enforced) regulation. The only difference is where the money ends up -- private sector lawyer pockets or the public coffers. All else being equal, I'd rather the latter.
Good luck suing Equifax because you couldn't buy a home with a mortgage because Equifax had a record of you having a "low credit score" using data they collected on you that you didn't consent to. The data Equifax collects on you is both damaging and non-consensual.
Assuming the data collected are not in error, you mostly did consent to it. Read the fine print of any lease, loan, or other credit agreement. They almost all say they will report payment history (particularly late or non-payment) to credit bureaus.
They almost all say they will report payment history (particularly late or non-payment) to credit bureaus.
If that was the only data reported to credit bureaus, that would be great.
But "reputation data" is increasingly becoming important in this sphere. Are you Facebook friends with people with a low credit score? Do you drive through a dodge neighborhood on the way to work? Do you watch the wrong kinds of movies? Buy liquor? Stream the wrong shows?
It's all up for grabs, and with the "credit score" formulae locked up as trade secrets, there's no way to determine if your mortgage denial was because you were one day late with a cell phone bill, or because you stop at a red light next to a pawn shop enough times that your phone thinks you're a regular customer.
The FCRA gives you the right to know what is in your file
In addition, the FCRA gives you the following rights (not inclusive):
-You must be told if information in your file has been used against you. Anyone who uses a credit report or another type of consumer report to deny your application for credit,
insurance, or employment – or to take another adverse action against you – must tell you, and must give you the name, address, and phone number of the agency that provided the
information.
-You have the right to dispute incomplete or inaccurate information
-Consumer reporting agencies must correct or delete inaccurate, incomplete, or unverifiable information.
-Consumer reporting agencies may not report outdated negative information. In most cases, a consumer reporting agency may not report negative information that is more than
seven years old, or bankruptcies that are more than 10 years old
"Speech should be free and unlimited!!!.... Well, unless the topic of the speech is me, then I should be able to control 100% what what other people are saying about me, of course."
How you gonna sue someone for saying things about you that are true? That's not a thing (for good reason). Would you also sue a friend if you borrowed money from them and didn't pay it back and they warned others not to lend to you? Imagine how much a judge would laugh if you showed up to court saying "I didn't get a mortgage because I have a history of not paying my bills, I deserve compensation."
Nonsensical.
That's ignoring the fact that you actually consent to data sharing as a condition of obtaining credit products. And that's a reasonable condition with a business justification.
In the US it's politically infeasible to have any sort of government agency to collect this information, so it falls on the shoulders of private companies.
The data Equifax has on me is the exact opposite of "damaging." Because of data sharing I'm eligible for a broad range of credit products that I have gotten tens of thousands of dollars in value from. On top of that the information they collect about me allows me to pay a very small premium for car and home owner's insurance.
> Hacker News be like: "Speech should be free and unlimited!!!.... Well, unless...
This isn't a real argument unless you can show that the one person you're actually responding to has held both these positions. This is just a forum where a bunch of people opine; it's not a political party with a documented set of beliefs.
However, consider that it is very likely a small minority of those ~150m affected people are actually in a position to spend the time, money, and effort in actually suing and you end up in exactly the position you are now: Equifax doing fine and suffering no penalty for their actions. Class action suits aren't really a better suggestion either because they are typically settled for pennies-on-the-dollar, with the lion's share going to the lawyers anyway.
Suing might make sense where there's a small number of affected people, or where the damages per person are much higher, but when we're talking less than $1,000 damages per person it's really just not worth each individual's time or money to do so. This is _exactly_ the kind of thing regulation is good at protecting against.