Many of the "evil US hyperscalers" are headquartered in California, and the CCPA [1] has this exact penalty structure codified in law:
> (b) A business shall be in violation of this title if it fails to cure any alleged violation within 30 days after being notified of alleged noncompliance. Any business, service provider, or other person that violates this title shall be subject to an injunction and liable for a civil penalty of not more than two thousand five hundred dollars ($2,500) for each violation or seven thousand five hundred dollars ($7,500) for each intentional violation, which shall be assessed and recovered in a civil action brought in the name of the people of the State of California by the Attorney General. The civil penalties provided for in this section shall be exclusively assessed and recovered in a civil action brought in the name of the people of the State of California by the Attorney General.
$7,500 per intentional violation, $2,500 per unintentional.
The CCPA applies to any business, including any for-profit entity that collects consumers' personal data, does business in California (regardless of where it is located), and satisfies at least one of the following thresholds:
Has annual gross revenues in excess of $25 million in its most recent tax year;[11]
Buys, receives, or sells the personal information of 100,000 or more consumers or households; or
Earns more than half of its annual revenue from selling consumers' personal information.[12][13]
Right, the CCPA targets large/semi-large scale data processors. That Wikipedia seems to be outdated, because the law text reads:
> satisfies one or more of the following thresholds:
> (A) Has annual gross revenues in excess of twenty-five million dollars ($25,000,000), as adjusted pursuant to paragraph (5) of subdivision (a) of Section 1798.185.
> (B) Alone or in combination, annually buys, receives for the business’s commercial purposes, sells, or shares for commercial purposes, alone or in combination, the personal information of 50,000 or more consumers, households, or devices.
> (C) Derives 50 percent or more of its annual revenues from selling consumers’ personal information.
This alone is enough to apply to most non-trivial apps/businesses where large-scale data harvesting is a huge problem:
> the personal information of 50,000 or more consumers, households, or devices.
Those numbers are maximum fines per violation if I understand the wording correctly ("not more than") while the suggestion was that €5,000 should be a minimum.
In Spain the fines are like 60k for data protection violations, no matter how small you are, and if you’re self employed, you can’t declare bankruptcy and you have to pay the fine with your own personal assets.
Perfect recipe to discourage individuals from innovating. I'm all for holding actual companies with user bases and counsel and insurance and a business model and etc accountable. But "private party just getting started with a bespoke solution was a bit careless or ignorant; luckily no serious harm was caused" should never be financially ruinous.
Or perhaps they want to stop any company that doesn’t want to play by the rules as defined by the laws of society. So doesn’t matter whether it’s a US hyperscaler or an EU wanna be.
This comes from the same website that tells you that the average person commits a thousand crimes every day and that prosecuting criminals is therefore meanie mean.
You wouldn’t even believe the stuff I’ve heard in “startup” and “innovation” spaces about regulation and stuff like government grants.
I usually hear the “we [europe] have some of the brightest minds, we can do anything” and sure, granted, but that’s not the issue and it has never been. Why would those bright minds want to build something in a place that’s so obviously against the very same idea of free competition? Of course they don’t, those who can just flee and those who can’t usually end up building some useless grant-ware in an endless cycle. That’s not to say that we don’t have great startups and entrepreneurs, we do, but I find myself fighting every day against a system that’s built for the state to decide what, when and how citizens must innovate (and live).
No wonder Europe is such a laggard in tech when even software devs write non sense like this.
One one hand they want independence from the evil US hyperscalers but on the other hand they are ready to kill any new company in the EU.