Hacker News new | ask | show | jobs
by munchbunny 2669 days ago
It doesn't. Those numbers are upper limits. Just like with traffic tickets and other fines, the actual amount is left to judgement.
1 comments
Mirioron 2669 days ago
If this were true then why have upper limits at all? The only reason I can think of is to protect large corporations.
link
dragonwriter 2669 days ago
> If this were true then why have upper limits at all?

Because while the rulemaker believes that there is a range of potentially reasonable judgments based on particular circumstances, they do not believe that range is unbounded.

> The only reason I can think of is to protect large corporations.

The fixed minimum upper limit of $20 million is actually probably to prevent (or limit the effect of) large corporations using smaller subsidiaries and fancy accounting for GDPR-risky activities, rather than the upper limit protecting large corps.

link
munchbunny 2669 days ago
For two reasons:

1. To prevent cruel and unusual punishment.

2. To set expectations about the seriousness of the infraction in the eyes of the law.

I am not a lawyer or a legal scholar, so I'm sure there are more reasons.

link