Well Meta was fined 1.2bn Euro in 2023 for violating GDPR guidelines, the latest being another 91m Euro in 2024 IIRC, making the total so far somewhere along 2.5 billion euros.

A quick Google-search tells me Meta's Europe Revenues in 2023 were 31.21bn USD, so the fine was ~3.5% of their Europe revenue at least (but yes, lesser on their global revenue).

Either way, the purpose of GDPR is not to earn money, but to reach compliance to the guidelines. The directive didn't fail if a company wasn't fined for not being compliant, it's the lever to reach compliance.

> Honestly, the whole thing seems aimed at just shaking down American tech companies to try to collect some additional revenue to keep funding the EU bureaucracy.

There's a world outside of US as well, even within Europe.

Companies whose main business is to deal with personal data are of course harder to transform, but it's hard to overstate the impact GDPR already had on the huge mass of companies who DON'T primarily deal with personal data.

Many People on here who worked in a larger company when GDPR became effective have seen the seismic impact it had on how PI/PII data is being handled. Suddenly companies asked themselves whether they REALLY need all this PII in all those different data silos across their operations.

GDPR isn't perfect, the EU isn't perfect, but with GDPR the EU made a leap forward in Private Data Protection.

▲

petcat 3 days ago | parent | next [-]

> GDPR became effective have seen the seismic impact it had on how PI/PII data is being handled.

I think the only thing most people are seeing are the absolutely obnoxious cookie banners spewed across the entire world wide web. I think a lot of people truly believe that the EU single-handedly ruined the internet. And now they're attempting to impose even more misguided laws on themselves with chatcontrol nonsense.

I think it's fine to let them do it, as long as the mess stays in the EU.

▲

account42 2 days ago | parent [-]

Then those people are fools who would gladly let in the wolves just to stop them from banging on the front door. The correct response to cookie banners should be to ask why companies are so willing to ruin the user experience in order to be able to track data of even just those users who accept the banner (willingly or not).

	▲	petcat 2 days ago \| parent [-]
		The EU's own government websites are also littered with the cookie banners. Even they can't help themselves thirsting for users data at the expense of ruining their websites.

▲

johndhi 3 days ago | parent | prev [-]

I work in this field and disagree with a lot here.

My thinking is that if a data protection office did not fine Meta or Bytedance in a given year, heads would roll. It's a revenue collection device.

	▲	rickdeckard 3 days ago \| parent \| next [-]
		> My thinking is that if a data protection office did not fine Meta or Bytedance in a given year, heads would roll. It's a revenue collection device Not sure which field you work in, but this is already in contradiction with the fact that those companies aren't simply fined spontaneously. The fine is the outcome of an investigation that started with an inquiry to the company, possibly based on a complaint. In case of the 1.2bn EUR fine for Meta, the process took YEARS of investigation [0], and the company was fined because the GDPR-violating transfers were "systematic, repetitive and continuous" [0] https://www.edpb.europa.eu/our-work-tools/consistency-findin...
	▲	Yeul 3 days ago \| parent \| prev \| next [-]
		You could respect user's privacy but let us be honest that would make less money and the 1.2 billion is a slap on the wrist.
	▲	disgruntledphd2 3 days ago \| parent \| prev [-]
		> My thinking is that if a data protection office did not fine Meta or Bytedance in a given year, heads would roll. It's a revenue collection device. This is nonsense, the Irish DPC have been criticised (mostly correctly) for not being hard enough on Big Tech.