> Verizon chose to pay fine, giving up right to jury trial
40Million fine is a cost of doing business, but my question is if people's data was sold without consent, why is a class action not taken against them? Where is the right of the injured party here ?
[0 ]https://www.verizon.com/about/investors/quarterly-reports/2q...
But, let's push that fine up to $40 billion US (with a b) and see what happens. If we need to go harder, let's add some enforceability, too. Maybe they have 1 year to pay it or lose the right to do business in the US (or whatever country) for 12 months? Get creative with the pain, but cause it none the less.
Walk softly, but carry a big stick.
Or a percentage of the global revenue. That's basically the EU's GDPR directive.
Worked wonders. US should try that too once it's back on a citizen-friendly path again...
> Worked wonders.
Unfortunately the GDPR is mostly toothless considering that the fines against Meta and Amazon were basically nothing. Certainly nothing close to a "percentage of global revenue".
Honestly, the whole thing seems aimed at just shaking down American tech companies to try to collect some additional revenue to keep funding the EU bureaucracy.
The system only exists to preserve itself.
Not if you follow the cases as they happen. You probably think of the USA companies (and even then only a subset) being fined because those are both the biggest offenders and the ones with the most money, in addition to being the most well known.
https://en.wikipedia.org/wiki/Availability_heuristic
But they are far from being the only ones affected. noyb pursues cases all over Europe too.
A quick Google-search tells me Meta's Europe Revenues in 2023 were 31.21bn USD, so the fine was ~3.5% of their Europe revenue at least (but yes, lesser on their global revenue).
Either way, the purpose of GDPR is not to earn money, but to reach compliance to the guidelines. The directive didn't fail if a company wasn't fined for not being compliant, it's the lever to reach compliance.
> Honestly, the whole thing seems aimed at just shaking down American tech companies to try to collect some additional revenue to keep funding the EU bureaucracy.
There's a world outside of US as well, even within Europe.
Companies whose main business is to deal with personal data are of course harder to transform, but it's hard to overstate the impact GDPR already had on the huge mass of companies who DON'T primarily deal with personal data.
Many People on here who worked in a larger company when GDPR became effective have seen the seismic impact it had on how PI/PII data is being handled. Suddenly companies asked themselves whether they REALLY need all this PII in all those different data silos across their operations.
GDPR isn't perfect, the EU isn't perfect, but with GDPR the EU made a leap forward in Private Data Protection.
I think the only thing most people are seeing are the absolutely obnoxious cookie banners spewed across the entire world wide web. I think a lot of people truly believe that the EU single-handedly ruined the internet. And now they're attempting to impose even more misguided laws on themselves with chatcontrol nonsense.
I think it's fine to let them do it, as long as the mess stays in the EU.
Even they can't help themselves thirsting for users data at the expense of ruining their websites.
My thinking is that if a data protection office did not fine Meta or Bytedance in a given year, heads would roll. It's a revenue collection device.
Not sure which field you work in, but this is already in contradiction with the fact that those companies aren't simply fined spontaneously.
The fine is the outcome of an investigation that started with an inquiry to the company, possibly based on a complaint.
In case of the 1.2bn EUR fine for Meta, the process took YEARS of investigation [0], and the company was fined because the GDPR-violating transfers were "systematic, repetitive and continuous"
[0] https://www.edpb.europa.eu/our-work-tools/consistency-findin...
This is nonsense, the Irish DPC have been criticised (mostly correctly) for not being hard enough on Big Tech.
Instead, start revoking their spectrum licenses.
How much did they make selling or otherwise monetizing location data?
Are you for real?
This is coming from someone with a great interest in privacy, enough to know that advocates purposefully conflate privacy in the sense of limiting government overreach and privacy in the sense of limiting the spread of embarrassing information. I want the former and the latter, but neither really interacts with advertising, in an intellectual honest way. If only data were as valuable as people thought it was.
This is a really unpopular opinion and I'm sure it will be downvoted so, you know, there's that. You've "won." If someone could figure out the harm maybe there would be a regulation. It's been a long time and there still isn't, so you can't just wave your hands around and say, corruption, because there are actually a huge number of laws, simply colossal, and I cannot believe that the position you believe in is so true but so corrupt as to have exactly zero consequences for substantive torts.
It's simply down to lack of consent, other tech companies will do the same, after you agree to intentionally over complicated TOS'. And there are examples of collected analytical data being used for nefarious purposes, namely Cambridge Analytica comes to mind. This was collected without consent. Being manipulated and in cases outright lied to into something is being an injured party.
It is an unpopular opinion, but its because it should be. If verizon have a data breach and all that collected information about you is used without anyone even knowing. These things happen, correlating your banking information for example with your personal information happens all the time. A goldmine for social engineering.
Okay, I mean some medical studies collect data on millions of people, and those datasets too have the potential that, due to security arcana, can be data breached. Does that mean I should be able to sue all medical studies for collecting data on that potential? Of course I support some kind of penalties for data breaches, but you see that it something entirely different from, "data collection itself causes harm." You just can't show that...
You cannot agree to a contract that makes you a slave (at least not in most countries). A contract to kill someone is illegal. There are a lot of less obvious things that are not allowed in contracts. (see a lawyer for details)
(Incidentally, even the term "telecommunications service" only encompasses voice call service, not mobile data or SMS. The FCC tried to reclassify Internet access as a telecommunications service during the Obama and Biden administrations, in order to get authority to impose net neutrality rules, but it was ultimately overturned in court.)
Basically Title I = old POTS systems and radio. VZ does take it very seriously. Title II = Cell/ISP rules. VZ is kinda playing fast and loose with it. Just like what all advertising, ISP companies, and web providers do.
Honestly the right way is to stop reinterpreting (thru the courts and regulations) the rules depending on who is in charge that day and have congress hammer out what is and is not allowed.
Ajit Pai undid it, a court said reverting was fine because DNS.
Biden FCC took forever to reclassify and then lost in a Trumpy circuit court. Advocates didn't appeal largely because the courts are so screwed now and don't want an awful Supreme Court ruling.
But it's very clear for the law that internet communications actually are telecom, and I suspect we'll see this revisited in the future
I wonder if those helpful text messages from some company can locate you?
I've heard that tow truck companies can find your location because it is somewhat like and emergency.
by the way, verizon is just plain evil.
I remember years ago when they would add identifying cookies to all web requests outgoing from your phone to identify your specific handset. (search "verizon supercookie")
I've heard that tow truck companies can find your location because it is somewhat like and emergency.
Source: https://www.fogdatascience.com/
I'd be surprised if Verizon and the other companies haven't made more than enough money by breaking the law back in 2018 to rake in a nice profit even after the fines they're trying to weasel out of paying now.
I have no doubt that they're still selling our data one way or another anyway. We know for a fact that they've never stopped selling data to to law enforcement, they just require a rubber stamped court order/subpoena to do it.
[denied because…] > Verizon had, and chose to forgo, the opportunity for a jury trial in federal court.
Anyway, this practice should be criminalized with companies and their employees receiving criminal penalties like jail time.
Besides, one reason why they can be coerced is because these actions aren't clearly illegal. If they are, the employee can just report what they're being asked to do to the police. Workplace safety has been dramatically improved in western countries simply by making many unsafe practices illegal and creating entities to report illegal work to. While this did require criminal charges for some managers and employees, because safety has improved so much, they're really not that common.
I remember when I had workplace safety training as a poorly paid university lab monitor. They made clear that I had potential criminal legal liability if I allowed egregiously unsafe things to happen. So they didn't.
And legitimising this is appropriate. The only other position -- requiring people to behave in a way that doesn't meet their basic needs for survival -- would be inappropriate. It is the responsibility of those in power to prevent society from degrading to a point where police are forced to be violent in order to keep their jobs.
If you study game theory such as the prisoner's dilemma, you'll understand that these are perverse incentives where actors are certainly "rational" given their constraints, but the overall system is harmed. In a feedback loop such as society, this can have a runaway effect until eventual societal collapse.
> legitimising this is appropriate
For who? Who decides this?
> It is the responsibility of those in power to prevent society from degrading to a point where police are forced to be violent in order to keep their jobs.
Maybe you now understand why this is circular logic. If those in power are just doing what they "have to do" in order to keep their job and survive, and civilians do what they "have to do", and police do what they "have to do", the buck gets passed to no one. Every single culpable party gets to say it's not their fault or their responsibility to introduce structural change through personal sacrifice.
CEOs, CTOs, etc. of organizations with the budged of small countries can be stupid, unknowledgeable and reckless and there are no consequences (unless it affects shareholders money). Executives should be held legally accountable of the damage that their companies do.
Accountability is required for a civilized society. When the people with the most power do not need to follow any rule we get into anarchy and chaos. Just watch the news to see that it is already happening.
If it's greater than the fine, and they suffer no other consequences (e.g. nobody goes to jail) then the fine is just cost-of-business.
The fine must be greater than what they made, AND some executives or management needs to be held responsible - at least fired.
Otherwise it will just keep happening.
https://ia801804.us.archive.org/26/items/gov.uscourts.cadc.4...
The bigger issue is that every telecom treats location data as an asset class. If you think a court ruling will make them suddenly respect privacy, I’ve got a bridge to sell you. They’ll just bury consent deeper in the UX until it looks indistinguishable from compliance.
It's just a matter whether this data contains PI (=Personal Information) or (!) PII (=Personally Identifiable Information --> Information that can be combined with other data to create PI).
The EU GDPR (here mostly known for consent-popups on websites it seems) allows companies to keep this kind of data but requires very strict governance and user-consent if the data contains PI or PII.
And everyone who worked in a larger company at the time of enforcement saw the wonders it did. Suddenly whole departments reviewed the amount of data they collect, and found there was a huge portion of telemetry data that was actually NOT needed to preserve this asset-value (Names, Addresses, Serial numbers, etc...)
It was co-founded by John Doyle who led Palantir’s national security business before starting this company. I think this comment best describes why Cape was started in the first place:
"Cape is not disclosing valuation, but it’s notable that the funding is coming at a time when startups building military, defense, and security services are getting increased focus and priority at a time when geopolitics are shifting.
While many of those shifts are playing out at a much higher level involving wars, espionage against officers and officials, and major contacts between outsized industrial entities, Cape’s products and its growth are one of the rare examples of how some of that evolution is playing out at a consumer level"
source - https://techcrunch.com/2025/03/19/cape-opens-99-month-beta-o...
Ultimately, I still want to read up on them before considering making the switch.
That being said, I have a significant amount of flexibility. The data can be completely anonymized by stripping out the names, addresses etc. The location can be blurred by some radius that's roughly the size of the local census blocks groups. In other words, the location should be random enough to mix together 500-3000 people. The time can also be blurred by a radius of about a week or so. Options like differential privacy are encouraged.
The goal is not to track individuals, just get a rough measure of where they spend their time.
First, does anyone think this is a bad or dangerous set of data?
Second, if not, can anyone point me to some data brokers?
The only way to be able to get something like that passed will be if we can repudiate the money-first, Christofascist, rule-by-fear ideologies and positions that currently hold sway over one of our two viable political parties.
Correct. Clear, opt-in informed consent to use personal data is the fundamental principle of the GDPR. As it should be. I'm puzzled why you think this is a negative.
> and people can evade privacy with impunity.
Certainly not. The GDPR does not permit data trawling or allowing data controllers to do what they like with your personal data once they have it. It must only be used for the purpose it was requested for.
> ugly cookie banners
Once again, there is no requirement for 'cookie banners'. You are free to use whatever cookies you want to run your site. HOWEVER, if you are using those cookies to track me (advertisers take a bow) then you need my clear, opt-in informed consent to do so. And so you should!
I continue to be astounded at the ignorance some people have of such a vital privacy law; one that is fundamental to modern data use and respect for the customer.
You might want to read the privacy policies of some of the European fintech and ad-tech companies (nb: I've worked at some of them). They cast a wide blanket over all purposes.
At best, the GDPR only introduces a minor indirection, the problem of hoodwinking the "data subject" into clicking the accept button. At worst, it gives them false sense of privacy, where there isn't much.
True. Some people are daft enough to opt-in and click the "accept cookies" and "give my personal and location data to strangers" buttons. These people don't care about privacy and are beyond help.
> At worst, it gives them false sense of privacy, where there isn't much.
Those of us who bother to understand and use privacy law have very good protection thankyouverymuch.
stores scan your phone radio and also aggregate this data to map your store visit.
this was all done with credit cards in the 50s and then outlawed, hence: reward programs.
so, can't wait for Verizon to offer a cell coverage reward program that is nothing but a waiver to your data, just like reward programs from credit cards of yore.