by hkh28 1856 days ago
GDPR fines are set among other things according to the resources of the entity that broke the rules. As a private person making a side project, you won't be liable for millions.

The most recent examples of individuals being fined have been fines around €200 [0]

[0] https://gdprhub.eu/index.php?title=ANSPDCP_(Romania)_-_Fine_...


This[1] site seems to track actual fines. I found maybe a dozen fines of individuals. Here is the largest fine of a 'private person' I could find: https://www.enforcementtracker.com/ETid-69. If the database is at all accurate and the description of the violation is correct, I would say they were well into criminal territory and not civil fines.

[1] https://www.enforcementtracker.com

The maximums however, are absolutely insane. Am I supposed to just hope that in the range of 0 to €20 million, it’s something I can afford?

Getting a maximum fine not only means that your handling of personal data was especially egregious but that you probably didn't cooperate in any way with the relevant DPA and refused to rectify the problem.

I.e., the maximum fine is highly unlikely for anyone to get, and if you get it you have done some very bad things.

Yes, and what the GDPR crowd is telling me is that I should just trust the EU to always act fairly and never engage in any kind of politically motivated subterfuge.

And not only that, my concerns and dissent regarding GDPR piss people off so much, that at this point, every comment I post just gets downvoted immediately. Now I realize it’s against HN guidelines to discuss this, but when I post a comment and the delay it takes for me to return from the post page is enough for my comment to already have a downvote, I feel discouraged. It’s very clear the person who did that had no good faith intent on a discussion nor intent to even minimally read my comment. And I’m supposed to try to argue my points in good faith despite this.

The pro-GDPR crowd may be winning the mindshare but they are inheriting the cancer of something not allowed to be criticized. And if we ever do see an egregious fee driven by political motivations, am I supposed to feel smug for having predicted the possibility or sad that my mere expression that the default maximum fines are so ridiculous that they basically terrorize anyone who is not a multinational corporation turned out to be well-founded?

All I ever asked for was for people to recognize the chilling effects that this regulation can have. The internet used to have so many small websites, forums and wikis, and many of these fall under the umbrella of GDPR. And this is basically the treatment I get for trying to represent this dying breed of website: as some corporate shill worth being buried and not considered.

It’s not like I care that much about being with the mob, but it pains me that as the open internet gradually dies, people flat out just don’t care. GDPR as it is today just represents a huge amount of risk for anyone that is not a multinational corporation, and it only gets scarier the further down you are. I’m sorry but just telling people to not worry about how the law is written will not work. Some people will ignore it, some people will try to follow it, and some people will just stop trying altogether deciding the risk simply isn’t worth it. And that latter part is most likely to occur for websites that are more objectionable, since they will likely face harsher treatment just due to cognitive biases alone, since we’re talking about considerations that humans make rather than the word of law.

No, you're supposed to hope that the legal system will apply the law fairly and correctly. The law does NOT say that they can fine you 20 million Euro. The 20 million is an upper limit on a fine, but the law also specifies how that fine is determined, which _by definition_ is "something you can afford", because that's literally one of the factors.

Maximum fine is there for large corporations. If it wasn't specified at at least that range many of them would ignore or knowingly break the legislation. And in general checking for many crimes the upper end of penalty is pretty big. Like DUI here could mean 2 years in prison. Though that is exceedingly rare.