That's interesting but ultimately pointless, the way to look at this is as a signal: don't do this, it will be at least 600K per individual if you do it again. And knowing the way courts work a little bit that second violation is going to generate a lot more attention and a third is likely something that even the Google board would want to know about.
Don't ignore the courts or they will make sure you notice them.
No, it's 600k per individual that successfully pursues this to the point where government regulators step in. I'd say it's quite likely that for every individual that gets this acted upon, there's a significant number that either (a) never complain, (b) don't have the political pull to get the regulators interested or (c) simply can't pass the burden of proof despite being in the right.
Actually it does. Finland calculates fines, e.g. speeding tickets, as a function of your income, otherwise the rich will treat them as a simple nuisance.
This is why I measure in person months and not dollars.
You fine the speeder a fraction of their income (person months), not a fraction of their entire support networks income (months). Doing the latter would tend to discourage people from forming large support networks (large companies).
But because they got together in a bigger group they can afford such fines easily and in order to be effective at all you need way stronger incentives.
I think it is quite unlikely that the Gmail team had anything to do with the search teams decision here. Certainly I wouldn't expect them to be well enough informed about the legalities and the details of the case to be colluding.
It's time that courts come to terms with the amount of money companies now control. A 600k fine is quite large if an individual. For a large corp, it's a rounding error. If a court wants to signal they are unhappy with the behavior of a corp, then they really need to adjust their punishment. These corps have money that rival nation states, and should be treated as such.
Bear in mind this is for a single violation, not a widespread noncompliance issue. Considering the number of RTBF complaints Google fields (I believe it's north of a million by now), a large number of violations would ratchet up the costs significantly.
This is probably a good example of RTBF working as intended. For as loud as Google was opposing to it, they've done, on average, a reasonably good job complying with it (people who know me should know I do not give Google more credit than they deserve, ever), and penalties like this for individual failures seem reasonable for the impact on the individuals who file them.
RTBF for better or worse places the burden of deciding how to respond to a request on Google, not an independent judiciary. That cuts down a lot of red tape, but I think it also means the appeals process can't be too harsh on the penalty here: The trial court usually isn't penalized for being overturned on appeal.
And also a first violation of this kind for this court. A second one would likely not pass unnoticed. A case here in NL where a hospital first got warned then got fined a small amount and then got fined a - for that hospital - massive amount certainly put them on notice. That's an error that will not be repeated a fourth time.
It is one case. Obviously the fine cannot be extreme. However GDPR fines can go up to 4% of revenue. But such a fine would be based on many users, not just one.
