GM stops sharing driver data with brokers amid backlash (arstechnica.com)
101 points by quantified on March 25, 2024 | hide | past | favorite | 73 comments



It's amazing how defeated we are as citizens and consumers. Ideally we wouldn't hear that GM is just walking this back, but that GM executives who cooked up this scheme were already indicted and facing serious federal prison time. Selling personally identifiable tracking information like this is akin to AT&T selling recordings of all your voice calls to the highest bidder.


More like, AT&T selling location and tower tracking data, linked to your identity and unique phone info, such as GSM SIM serial numbers and so on, which can be linked to your phone. And even if you use pay-as-you-go SIMs, if you use a credit card once, your real-world ID is linked to the phone.

And even selling services like alerts when such providers move out of a geo-located region, a person's domicile, and so on.

Of course, that'd never happen... right?

I agree that this -- all of this -- needs to be defined as criminal activity. That once such laws are passed, boards of directors and executives face jail time, should they breach such laws.

What we'll likely need, in the end, is a mandated CTO position, with responsibilities and duties akin to a CFO.


>What we'll likely need, in the end, is a mandated CTO position, with responsibilities and duties akin to a CFO.

Yeah, let's mandate a position where people are calling for your head (literally) when you make a stupid call. Who wants the job? Any takers?


If you don’t set high expectations and hold decisionmakers accountable to the consequences of their decisions, why would you expect the quality of their decisions to be high rather than merely expedient?

It sounds like the pay for that position should be high enough to compensate for the risk, and that the penalty for failure should be consequential enough that only people with the talent, skills, and judgment to be confident in their decisions would take the job.

The financial people have skin in the game in the form of this kind of personal legal liability, and that seems to keep the financial shenanigans mainly on the “obscure but within the letter of the law” side of the line no matter what kind of pressure the CEO might bring to bear to cook the books.

When security and technical governance are a cost center and compliance is optional (or, at worst, a potential PR threat)—and when privacy has no concrete value but data does—wouldn’t it be bad business not to monetize the data and be quiet about it so as to minimize the PR threat?


CISO is a well paid job for exactly that reason.


I found it interesting how your cellphone location data is sold with your implied consent.

Like if you are looking for roadside assistance.


Part of the issue is how we are conditioned by the ruling class to use benign words like "interesting" when we know more accurate words would convey passion, meaning, and actual anger towards those who want our data.


I used the word more tongue-in-cheek.

Not that I don't agree with your point about ambiguous use of words, or euphemisms to minimize or normalize bad behavior.

Words like "telemetry" or "advertising", which nowadays mean "conduct surveillance on someone and keep a detailed dossier"


If you allow there to be a ruling class in a democracy, is it still a democracy?


> If you allow there to be a ruling class in a democracy, is it still a democracy

Yes, democracy is about fracturing the elite and making its membership more porous. Not wand waving it away.


GDPR solves exactly this; they are legally not allowed to sell this data in the EU without explicit consent from you describing who to sell it to.


Has there ever been a legal precedent of a company violating GDPR like this and having to pay a substantial enough penalty in accordance with GDPR?


Biggest fine from last year was apparently $1.2 billion.


A fine is just a license fee to break the law. Shut down their business for X months/years, instead, require them to continue wages for their lower level employees and remove any management directly connected with the violation of privacy.

Unless we make the penalty extremely harsh, change will not happen in this instance. The selling of PID is far too profitable to be deterred by a mere fine.


In which world detached from reality is $1.2 billion not a harsh penalty? That's 10% of the GDP of say, the Bahamas..


Companies operate on money. To pretend a monetary fine can’t grow large enough to deter a behavior is silly.


GDPR fines grow to up to 4% of global revenue if a company keeps infringing on it, and they are applied over and over again if the behaviour doesn't stop. Taking a 4% global revenue fine is not something a company can do many times; it doesn't become just a cost of business, it has material impact.


4% is small. Why can't it be 100%? (i.e., the company is forfeit)

Sure, it'll have a "material impact" at only 4%, but a determined company could just do it anyway. This doesn't actually force them to stop.


4% of the global revenue is not 4% of profits. In a lot of sectors, this can actually destroy a company.

GM has 10B profits for 170B revenue so we are talking about 70% of their annual profit. Not enough to destroy the company but certainly not small for a single violation on a subset of their customers. For tech companies however, 4% is less threatening.

As I understand it, we are talking about 4% per country of the EU, which in many cases can destroy profits made in a country for years and can certainly wipe any profit made from selling that data.


> Sure, it'll have a "material impact" at only 4%, but a determined company could just do it anyway. This doesn't actually force them to stop.

Q1 the company is hit with a 4% fine of global revenue, let's say it's Meta with its US$134 billion of revenue, the fine is US$5.36 billion, they don't change course and Q2 gets hit with another 4%, then Q3, then Q4 ending the fiscal year with ~US$22 billion of fines, that's 56% of their net income, it's an absurd amount that no shareholder will be happy about. Let's say they continue even after that, major shareholders will be up in arms about how the fuck can management be allowing 56% of their global net income to go to the EU's budget through fines.

If it gets egregious enough and some company does think they can continue the infringement and bad behaviour the EU will just roll out another regulation to kneecap those companies even harder.

I agree with you that companies need to feel the heat to behave, if not then we just get the unethical/immoral branch of capitalism, at the same time the system right now is dominated by these elite capitalists which will fight tooth-and-nail to avoid any kind of punishment through legislation, get too harsh too quickly and we will see those we are trying to punish banding together to fight whole governments to push their agenda, they have the power to do it you just have to look at the USA to see how much mega corporations can bend a democratic government to their will.


I don't think Meta is a very good example here. The shareholders can be up in arms all they want, but they can't do anything about it, since Mark Z. can tell them to go pound sand. If he wants to drive his company straight into the ground, he has the legal ability to do that, since he owns a majority share.


Revenue, not profit. 4% is really a lot when it comes to global revenue (not just a single EU member state).


Same reason we don’t cut thieves’ hands


Nor should we, because we can't yet regrow chopped-off limbs. 100% is clearly excessive, but when the fine is simply money, which corporations can "regrow", then it's just the cost of doing business. Like speeding tickets are just a fun tax for car enthusiasts, rather than an actual deterrent, or how parking tickets are just the cost to pay to park somewhere you're not supposed to, instead of not parking there.

Something more incentivizing than a mere fine needs to be levied upon corporations to get them to follow the law, rather than just saving up money to pay an expected fine.


My thought-up reply got eaten by an unexpected refresh, so here is a shorter version: boy, not complying with the regulations sure paid off for Apple and their Lightning cables, huh?

Also speeding becomes reckless driving (with jail time) and parking in dumb places gets your car towed (and possibly damaged) so banking in money to avoid rules isn’t always exactly a winning strategy.


Ah. So non-monetary penalties, getting jailed, and getting towed, are additional incentives not to do the behavior? So fines aren't sufficient to disincentivize a behavior? Hmm.


I replied to a post that advocated basically the death penalty for firms, saying that such penalties are inhumane. I can't really put my finger on what you're insinuating my position is and how you arrived there.

But, putting on my economist hat; I can assure you that exponentially increasing fines will at some point create enough deterrence against such actions. Or better yet, it will be socially optimal for those idiots to keep breaking rules.


yes --> GDPR enforcement tracker, see https://news.ycombinator.com/item?id=39813801


Wouldn't this be covered by some innocent looking paragraph hidden in the middle of the contract when buying the car?


> innocent looking paragraph hidden in the middle of the contract

This is the source of the problem and requires legislation to fix. Starting with clickwrap.


Facebook tried to pull something similar, and it was eventually ruled illegal: https://noyb.eu/en/noyb-win-personalized-ads-facebook-instag...


God I love noyb. I wish I lived in Austria so I could contribute.


It won't stand in regards to GDPR. GDPR consent has to be freely given (and taken at any time), and can't use legal lingo either.


Legal consent in GDPR needs to be understandable, cannot be hidden in any way, and must be easy to remove.

The common lawyer's hack of hiding it in a big long unreadable contract won't cut it, and should lead to fines.

Everybody talks crap about the GDPR, but as someone who, while not a lawyer, has worked on technical laws and standardization, I gotta say they really did a great job on not letting any companies have an easy out.


Gotta agree, it's a very approachable piece of regulation for a non-lawyer.


The GDPR doesn't solve exactly this, because GM is an American company selling American drivers' data to other American companies. The GDPR is irrelevant here.


I think the point being made was that if the US had a similar version of GDPR, then GM's activity would have fallen foul of the act.


That hypothetical wouldn't be the GDPR, and also, it doesn't exist. There is no US GDPR for a reason.


No one from the EU has ever visited the USA and driven a GM car which then had the data harvested?


That wouldn't apply. But if you bought a GM car while in the U.S. and imported it to Europe, GM had better have thought of that eventuality.


>but that GM executives who cooked up this scheme were already indicted and facing serious federal prison time.

This is not remotely close to having your personal phone calls recorded and sold. Not even close.

Guess what? Your terrible driving habits put me and my family at risk, so I'm not up in arms if your insurance company knows about it when you aren't pretending to drive safely in front of a police officer. If you continuously break laws and can't afford insurance, everyone wins (but you).

Did GM overstep? Probably. People complained and it's rectified. The idea that you want to throw executives in prison for a long time for this is beyond absurd.


My insurance company knowing how aggressively I drive, vs. someone knowing exactly where I am, is an important distinction to make. Knowing that I'm doing 110 and weaving in and out of traffic and putting you at risk is one thing. Knowing that I don't do that and am driving safely, but knowing which 7-11 I'm parked out in front of, is not.

Jail time for executives is how to incentivize corporations to behave a certain way beyond levying fines. Look how quickly Craigslist closed their personals ads after FOSTA was passed. I don't agree with FOSTA, and think it does more harm than good, but jail time for executives is not absurd. I don't want people I don't know tracking my exact location, it's as simple as that.


"We're sorry we got caught" in all its beauty. But I wish other companies, especially telcos, would be a little more bothered by this.


I wish we developers would be more bothered by this. Because we made it possible by implementing the interfaces and data transfers.


If your CTO says "next quarter we will start to record and sell users' data", will you start working on the implementation or sign the resignation letter?


Resignation. That's not even a hard call.


That is great you have such a luxury. Many people cannot afford to resign and look for another job. For some resignation means to leave the country.


You asked what I would do, and I answered. Other people will have other answers based on their own situations, of course. I truly pity anyone who feels compelled to stay in a job where they have to contribute to the abuse of others.

I will say, though, that it's not a matter of luxury. I have left jobs on principle when leaving them meant I suffered financial hardship.


The vast majority of us have never worked for GM or LexisNexis.


If they gave me the pay, the options, the benefits the "we developers" round here expect these days I would happily harvest anything they asked from their customers.


Maybe, but Project Dragonfly didn't become known to the public because those employees were underpaid.


This is the same company that knew of a faulty ignition key system and chose to sit on it because it was too expensive to recall, right?

Seems like their way of business.


I guess Fight Club was not far off the mark..

https://www.youtube.com/watch?v=IA2EBWFCULg


I poked around and found this [1] guide to terminating the OnStar antenna. It’s great because it is non destructive and easily reversible. I ordered the $7 of parts and made the modification yesterday ironically. No more watching

[1] https://imgur.com/gallery/n00QKnH


The headline continues to be overstated.

GM didn't announce it was stopping the sale of driver data, only that it would no longer sell to the 2 data brokers implicated in passing the data on to insurance firms:

“OnStar Smart Driver customer data is no longer being shared with LexisNexis or Verisk,” a G.M. spokeswoman, Malorie Lucich, said.


"customer trust is a priority to us"

Really? Well then someone is super crazy incompetent. You fired them already, right? Whoever decided to do this in the first place, they're shitcanned for doing something so diametrically opposed to the company's priorities, right?


This seems like it will be part of the investigative journalism of the future.

Interviewing the people who implemented the gross feature to say who the product managers and VPs were that handed down the ticket.


Reminds me of cookie banners. "Your privacy is important to us!" and then they present you with a dialog that nudges you to consent to sharing your data with hundreds of companies.


Never trust anyone who says "trust me".


It's a priority, a really low priority, but still prioritized.


I’ve had a GM car with OnStar. Who can I contact to see if my data was shared? And can I join the class action?


You request your information from LexisNexis at https://consumer.risk.lexisnexis.com/ to find out.


Independent of the data privacy question, I think it is good to make unsafe drivers pay more for insurance. Safe drivers should not have to subsidise their insurance.


You're assuming these monitoring devices are actually capable of observing the quality of your driving while being cognisant of the particular conditions of the road at the time you made a decision to do something it algorithmically deemed "unsafe".

For a while I used an insurance company in South Africa which rewarded "good" driving, you'd need an app installed on your phone which would use Bluetooth to communicate with a little device you'd put on your windscreen.

They were very clear that the monitored results would never be used to affect your premiums or used in the event of an accident, however, if you drove "badly" then you'd get less rewards. One of the rewards options was cashback on money you spent on fuel (from particular partners), the percentage being more or less depending on how "well" you drove.

Something it used to rate your driving was accelerometer readings which would be used to identify possible "harsh" cornering, acceleration or deceleration.

However, the thresholds chosen were clearly not very scientific, as often I would get penalized for "harsh" braking at amber lights where my only other option would have been to go through an intersection just after the light changed to red. Worrying about how much cashback you'll lose for stopping at a red light is not something that encourages "safer" driving.

Aside from harsh braking, I managed to avoid all other penalizing behaviours, namely: speeding, "harsh" cornering (as I would have to take corners quite slowly, this was likely somewhat annoying to other drivers), using my phone while driving, and driving at late hours.

I landed up changing my insurance company for other reasons, but I don't miss having to factor in "rewards" penalties in my driving decisions on top of trying to be as safe as possible.


> it is good to make unsafe drivers pay more for insurance. Safe drivers should not have to subsidise their insurance

And you know what, that’s a fair deal. If I had strong privacy protections, e.g. open-source code that homomorphically encrypts my driving data and guarantees it’s being used to update a model and then deleted, I’d sign up.

But the offer has to be clear and opt in. And I don’t want to be in a situation where someone borrows my car and I start getting letters about why they visited an abortion clinic in such and such state.


>And I don’t want to be in a situation where someone borrows my car and I start getting letters about why they visited an abortion clinic in such and such state.

How is it any different than someone standing outside the abortion clinic and observing who is parked and who goes in and out of the clinic?


> How is it any different than someone standing outside the abortion clinic and observing who is parked and who goes in and out of the clinic?

Because that person, presumably a law-enforcement officer, is visible and physically in one place. Also, I am describing a hypothetical where a woman in a state where abortion is banned travels out of state to get the procedure. That’s simply not something one can police with traditional tools.


It doesn’t scale well. The insurance company would have to hire an entire army of PIs to snoop around that and every other venue that suggests risk-seeking behavior. It probably wouldn’t pay off.


> I start getting letters about why they visited an abortion clinic in such and such state.

Sounds fair enough to me if premiums are going to be tied to driver behavior. Either opt out or don’t lend your car to those procuring abortions.


Though, that's not really what GM says.


Don't like that such sensitive data would be transiting through private for-profit entities.

But there should definitely be a reevaluation of our expectations when it comes to licensed vehicles keeping their owners' dirty secrets.

1) You are driving on a public road

2) The vehicle requires a permit

3) The road has traffic codes

4) You've decided to forego traffic codes.

It's come to be expected that your car wouldn't rat on you because we had technology limitations. Should it be expected still? I don't think so...

Maybe fuck the privacy of drivers and maybe cars should be expected to rat about their owners if they are to be allowed on public roads?

There can be privacy on vehicles that don't require a license.


Braking hard to avoid an animal, another car swerving into your path, or a sneaky-short yellow light are not "dirty secrets" or foregoing traffic codes.

Accelerating, stopping hard? It totally depends on conditions.

We're no more or less safe than we were before monitoring. And this is unagreed-to monitoring, via hidden channels. Let drivers in police states experience this first.


It depends on conditions. You can think of various ways to gather more of them as cars get fancier, and other ways to part exceptions from a habit of bad driving to make sure that any case reported to a human isn't a waste of their time.

Then for what goes through, you've got a system to challenge fines already, something completely mandatory in such a system and which can only be achieved in a powerful democratic state.



