this post was submitted on 23 Jun 2023
556 points (97.6% liked)

Technology

34989 readers
486 users here now

This is the official technology community of Lemmy.ml for all news related to creation and use of technology, and to facilitate civil, meaningful discussion around it.


Ask in DM before posting product reviews or ads. All such posts otherwise are subject to removal.


Rules:

1: All Lemmy rules apply

2: Do not post low effort posts

3: NEVER post naziped*gore stuff

4: Always post article URLs or their archived version URLs as sources, NOT screenshots. Help the blind users.

5: personal rants of Big Tech CEOs like Elon Musk are unwelcome (does not include posts about their companies affecting wide range of people)

6: no advertisement posts unless verified as legitimate and non-exploitative/non-consumerist

7: crypto related posts, unless essential, are disallowed

founded 5 years ago
MODERATORS
 

Huffman has said, "We are not in the business of giving that [Reddit's content] away for free." That stance makes sense. But it also ignores the reality that all of Reddit's content has been given to it for free by its millions of users. Further, it leaves aside the fact that the content has been orchestrated by its thousands of volunteer moderators.

touché

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 2 points 1 year ago (1 children)

GDPR doesn't create avenues for lawsuits. GDPR is managed by local Information Commissioners Offices, who levy fines.

[–] [email protected] 2 points 1 year ago (1 children)
[–] [email protected] 1 points 1 year ago (1 children)

That doesn't really say that you have any specific action just from having your rights breached. It's not like in the US where you can sue for hurt feelings and get punitive damages - you have to have actual, costed damages to claim for.

The trouble with actual damages is that it's near impossible to prove that the breach of your rights directly caused the damages, if you can even put a monetary value to it. The potential for it to happen is not enough for a claim to succeed. So, in practice, in almost every circumstance the only avenue is a report to the DPA and hope they levy a fine.

[–] [email protected] 1 points 1 year ago (1 children)

take legal action against the company or organisation File an action directly in court against a company/organisation if you believe that it has violated your data protection rights.

That's from the link.

I said, you can be sued for GDPR violations. "Take legal action" = "sue someone".

Also, yes, you can very much sue for emotional damages and real damages due to GDPR violations. The difference between US and EU is that emotional damages in the EU are a few €100 and not a few 1000 or even 10000.

But if you do really leak data (e.g. passwords) and these are then abused for something else, then you are talking about serious costs.

Here you got a link about how the European Court of Justice confirms that emotional damages for GDPR violations is a thing: https://noyb.eu/en/court-justice-confirmed-there-no-threshold-gdpr-damages

[–] [email protected] 0 points 1 year ago* (last edited 1 year ago) (1 children)

Also, yes, you can very much sue for emotional damages and real damages due to GDPR violations. The difference between US and EU is that emotional damages in the EU are a few €100 and not a few 1000 or even 10000.

True. But the thing is, a few £100 doesn't really make up for the filing and legal costs. Particularly when there is a chance you won't be successful.

But if you do really leak data (e.g. passwords) and these are then abused for something else, then you are talking about serious costs.

Again, proving that the specific breach led to the abuse and cost is the issue.

Here you got a link about how the European Court of Justice confirms that emotional damages for GDPR violations is a thing: https://noyb.eu/en/court-justice-confirmed-there-no-threshold-gdpr-damages

There is no limit, but that doesn't mean every claim has a potential for massive damages.

In practice, in the EU, it's just not worth pursuing. Being successful is challenging, and when you are successful in the vast majority of cases the payout just isn't worth it.

Meanwhile, a report to the local DPA or ICO or whatever is free of charge. Literally just sending an email or two. Also, if you did have a claim with any reasonable chance of success, action with the DPA would only strengthen your claim.

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago)

That's what you have Cease and Desists for.

In Germany and Austria (and potentially other European countries, I don't know), the recipient of a cease and desist letter has to pay the fee of the lawyer who sent the letter and also damages, unless they want to go to court over the matter. The price is usually ~€200-500.

These are often sent out in fairly large volumes and are used exactly for this case. Suing for a few €100 is not worth the effort, so you send out written warnings and most people will comply. You only sue in the few cases that won't comply, so that the threat is real.

This is mostly an issue for smaller companies, since a few €100 can really throw off their budget.

Considering that most Lemmy instances are one-man shows that are run as a hobby without any real budget, this is a serious threat here.

Have a look at the map of Lemmy instances: https://lemmy.fediverse.observer/map

A huge part of them (over 1/3) are operated out of Germany, and all of them would be vulnerable to this kind of legal attack.