I think you’re thinking about this in a very useful way!
If we can narrow down a specific (but broad enough) set of capabilities that we consider illegal to incentivise, then this would be workable.
And yes, when I say “fines as cost of doing business”: this is a very common conclusion that DPOs[1] in Europe come to when asked about the effectiveness of GDPR enforcement.
It’s way too easy for big corporations to just calculate and set off the cost of the fine against the profit margin produced by “the not compliant action”.
Which is why I do support the idea of “banning” dangerous development, and how I started thinking about the definitions to begin with.
Again, really useful comment!
[1] Data Protection Officers