| This is wrong, and even revenue isn't sufficient - you want to fine a sizeable fraction of the total value of all assets of the company based on the scope, duration, and severity of the violation. Companies don't protect user data. They store, silo, and secure user data for as little cost as possible. No meaningful consequences means they will continue to harvest and disperse user data at an increasing rate until we get serious about requiring responsible practices and accountability. The risk of being bankrupted is what will keep a corporation behaving well. Penalties should be fatal to a corporation. If Microsoft or some random new startup had to follow the same regulations and protect user data to some bare minimum standard, and we apply the same degree of penalty, rather than some arbitrarily large fine which the mega corps are happy to pay, we can affect behavior. The big companies have teams of lawyers who effectively (and sometimes explicitly) collude with the beancounters and MBAs to enshittify their products and services and milk every last drop of revenue, even exploiting the data of non-customers who just happened to encounter some peripheral surveillance apparatus. We need to protect individual data privacy and restrict anything except informed consensual tracking. We need to mandate ephemerality and basic security standards. We need to make violations of these regulations lethal to a company, and impose mandatory minimum jail time for c-suite offenders. Anything short of this results in overt, blatant, repeated violations of the laws by the big companies because they're happy to pay $5m or even $50m if it means they extract $500m more revenue and lock out any potential disruptive competition. This would effectively mean that giant platforms which cannot responsibly store and manage user data would not be able to continue operation at the scale they're at. It would mean fragmentation and decentralization of various services, disincentivizing monopoly, improving market health, driving product and service progress. Without harsh and extreme consequences that are as meaningfully painful to FAANG sized megacorps as they are to a one man startup, the problems won't ever be resolved. FAANG and tech outpaced regulation, resulting in effectively the total pwnage of data for more or less every living human on the planet. This is unacceptable, and the only way it changes is for the US to drop the hammer on the exploitive and irresponsible practices that led us here. Let these asshats go bankrupt. We don't need Meta or Alphabet or Amazon. They're not entitled to screw the world for profit. If they can't operate ethically and responsibly, then they shouldn't be allowed to operate at all. |
1. The goal of the fines is to act as a deterrent and to encourage companies to get back into compliance.
2. The arbiters aren't operating in a vacuum. Bankrupting services that the citizens of a country rely on is unpopular and not in service of goal #1.
3. We know that this is the case because Uber and other ride sharing services were able to violate the law and convince voters to have the law changed to permit these services.
4. Fines impacting net revenue are dealt with seriously by companies when they are adequately large, e.g. 10% of net revenue. Compliance departments are not funded as a job creation or charity exercise. When companies report earnings, these fines frequently determine whether earnings guidance is achieved. This impacts company officers' compensation.
tl;dr, you passionately believe in these views, but it is not one held by the majority. Your minority view should not be the basis of public policy.