Hacker News new | ask | show | jobs
by vages 1017 days ago
The fines are paid to the Data Protection Authority in Norway. You can read their own press here: https://www.datatilsynet.no/en/news/ The kind of tit-for-tat you’re insinuating rarely happens, if ever. I would expect the fines to enter the state’s finances the same way other a fine for speeding does.

Echoing other comments about how Norway and Denmark are separate countries.
2 comments
nonrandomstring 1017 days ago
Thankyou.

The next question is - if we're hoping to seriously talk about the effectiveness of fines against hostile and uncooperative foreign companies, how does the Norwegian DPA use that money to further remedy the harms inflicted on the people?

That's not a lot of money in the scheme of things. but handing it out amongst everyone doesn't seem useful.

The obvious danger is that the DPA becomes a self-fulfilling entity, in perpetual growth of power and reach, and quite happy if Meta continue to transgress.

Shouldn't Europe use this money to invest in its own social networking infrastructure, thus providing a double-whammy against Meta's misdeeds?

link
nonrandomstring 1017 days ago
That's a really interesting list of cases and fines. They seem really active and mostly to operate internally in De^H^H Norway.

What to do with that money?

Some of the listed companies clearly got fined because their software engineering is rubbish and they made genuine mistakes. Maybe use the money to pay for (and force) those companies to have their programmers trained in better privacy related SE skills?

link
jddj 1017 days ago
One company was fined for changing the password of and then accessing an ex-employee's email account when they left.

Have to think that's pretty widespread behaviour.

https://www.datatilsynet.no/en/news/2021/fined-for-accessing...

link
jononor 1017 days ago
They operate a number of programs to help companies and government organizations to do the right thing wrt privacy. Both awareness building, providing open resources, but also having advisors that one can call and get case by case guidance (free of charge for small things). Of course GDPR has been a priority for a long time, but recent focused efforts also exist around AI. Example (should translate OK to English): https://www.datatilsynet.no/regelverk-og-verktoy/sandkasse-f...
link