Not yet because it's not even in effect until May 25th. Then enforcement can begin. But yes, in the legal industry we expect it to be very uneven enforcement. The German regulator may be more worked up than the Spanish one, for example. And again, it's going to be low hanging fruit. Why would a regulator bring an enforcement action against some solo practitioner making $100k a year to maybe get $4k in fines when they can go after Facebook?
"Why would a regulator bring an enforcement action against some solo practitioner making $100k a year to maybe get $4k in fines when they can go after Facebook?"
Because the little guy won't put up much resistance?
"...subject to administrative fines up to 20 000 000 EUR, or in the case of an undertaking, up to 4 % of the total worldwide annual turnover of the preceding financial year, whichever is higher."
It also says "...the fines imposed shall be effective, proportionate and dissuasive."
"Infringements of the following provisions shall, in accordance with paragraph 2, be subject to administrative fines up to 20 000 000 EUR, or in the case of an undertaking, up to 4 % of the total worldwide annual turnover of the preceding financial year, whichever is higher:"
Proportionate how? That's obviously up to them to decide and they probably mean that large companies like Google will be subject to the 4% instead of 20 million euro. Are you going to bet your life savings that they will fine you 4k euro instead of 1 million euro?
Why would they bother to add the phrase with "whichever is higher" if they were even going to consider a fine lower than 20 million euro? Think about it. They don't care about the fine being proportionate to the downside, they are just worried about it not being strict enough to companies like Facebook and Google.
Really? There is a long list of criteria to consider on that exact page you link, and those will be checked by courts if the DPAs appear unreasonable. I didn't say a 20 million fine is impossible, but it'll need a very good basis.
Yes, the maxima are high, but it's crazy to believe the DPAs will be able (both legally and politically) to hand fines even close to that out left and right, even if you assumed they over night suddenly turn into organizations hell-bent to do maximum damage.
It's weird how people see that maximum amount and somehow believe those will be the norm, throwing all experience with both the DPAs and other regulations out of the window. How many undeserving businesses have been fined to death in other areas (financial regulation, environmental protection, ...) and why should this suddenly start with privacy law? No government has an interest in its enforcement arm ruining business, of course they care about downsides. Regulation and its enforcement doesn't exist in a vacuum, as much as the revenge-boner some "privacy advocates" (ideally selling some GDPR advice on the side...) get right now wishes it were otherwise.
(On the other hand, these numbers seem to be the only thing motivating some business owners to care, so even if they're never used they've served a purpose. Really, the amount of conversations you see that go "And they are complaining that suddenly doing X is so much work", "Didn't they have to do X under previous law as well?" "..." is mind-boggling)
And tell me, how exactly does this long list show that you won't be fined a ridiculous amount? Where does it say that if you only broke X out of Y rules that you will be fined Z less?
There's absolutely NO detail on how exactly the fines will scale DOWN other than to say that the fine could be as low as 10 million euro to 2% of global turnover. And it is filled with vague, totally up to the imagination terms like "nature, gravity and duration".
Do you really want to leave this up to the imagination of poor EU countries like Croatia or Romania and think they are going to care about making some random people bankrupt so they can cash in millions?
If the law does not prevent it, you can bet it will be abused.
How many business have been fined to death in other areas? I don't know but I am sure you won't hear about them. No one wants to be the guinea pig.
This law probably has the widest and easily enforceable scope out of any others in the past. That's what makes it different from before.
