Think about it in terms of risk / reward or if you like, shareholder value.
If the value of the data exceeds the fine combined with the risk of it being discovered, the data will continue to exist.
Factor in the cost of actually guaranteeing that deleting something across all online, nearline, offline and archived data stores and the chances of anything being purposely deleted are not high.
Accidental data loss, sure, purposeful data loss, I can’t see it happening.
GDPR fines can reach up to $20 million dollars. That’s not a business expense. That’s quiet a dent in their quarterly balance sheet. And the EU has issued hefty fines in the past. This is not the USA we’re talking about.
In the last quarter of 2024 it shows a net income of $20,838 million. A $20 million fine would change that 3 into a 1 and again, that’s net income for just for three months.
Interesting, when you read that article, it says that Meta will appeal, searching for the GDPR fine and the appeal, all I found was more fines, but no records of the results of any appeals.
Appeal never lodged as far as I can find searching tje Irish high court lists. They lodged appeals against a €90m fine though which started hearing last week, and withdrew an appeal against a 2018 €251m fine
Yeah sorry, €1.2bn was USD $1.3billion at the time and about 1.25bn now, so hardly misleading though.
I only noticed the € vs $ because I was searching for the case, so all good.
It’s telling that they continue to attract fines. I saw the ones you mentioned also but didn’t have the energy to start digging.
Despite assertions made to the contrary in this thread, I’m not at all convinced that they’re doing anything other than maximising shareholder value to the exclusion of all other considerations, including making a risk assessment in relation to paying fines versus compliance with the law.
The fines for not complying with GDPR are company killing in size, even for a company as big as Meta. The value of an individuals data definitely does not exceed 4% of total annual yearly revenue, which can be the size of the fine for a single violation.
On 2024s global annual revenue of meta that would be a fine of $6.5billion. That’s 10% of their profits for the year.
I guarantee you they are complying with the GDPRs “right to be forgotten” rules.
I think you vastly underestimate just how much Meta is a law unto itself.
This is a company that has threatened countries … twice … Australia and Canada.
It’s not limited to Meta or silicon valley companies either, the fossil fuel companies and pharmaceutical companies are doing the same.
Once a company gets to a certain size, it appears that they become immune to the law and act accordingly, silencing dissent and fighting every obstacle with dogged persistence.
So, the law might say that data should be deleted, but I’d not bet my life on it.
And what? The EU has a trackrecord of pretty hefty fines. They won’t risk it for this many users.
Think about it in terms of risk / reward or if you like, shareholder value.
If the value of the data exceeds the fine combined with the risk of it being discovered, the data will continue to exist.
Factor in the cost of actually guaranteeing that deleting something across all online, nearline, offline and archived data stores and the chances of anything being purposely deleted are not high.
Accidental data loss, sure, purposeful data loss, I can’t see it happening.
GDPR fines can reach up to $20 million dollars. That’s not a business expense. That’s quiet a dent in their quarterly balance sheet. And the EU has issued hefty fines in the past. This is not the USA we’re talking about.
Again, you vastly underestimate the size of Meta.
In the last quarter of 2024 it shows a net income of $20,838 million. A $20 million fine would change that 3 into a 1 and again, that’s net income for just for three months.
Source: https://investor.atmeta.com/investor-news/press-release-details/2025/Meta-Reports-Fourth-Quarter-and-Full-Year-2024-Results/default.aspx
How about a $1.2 Billion fine ? Would that perhaps be consequential ?
They got hit with that 2 years ago
https://dataprivacymanager.net/5-biggest-gdpr-fines-so-far-2020/
Interesting, when you read that article, it says that Meta will appeal, searching for the GDPR fine and the appeal, all I found was more fines, but no records of the results of any appeals.
Also, it was €1.2 Billion, not $1.2 Billion.
Appeal never lodged as far as I can find searching tje Irish high court lists. They lodged appeals against a €90m fine though which started hearing last week, and withdrew an appeal against a 2018 €251m fine
Yeah sorry, €1.2bn was USD $1.3billion at the time and about 1.25bn now, so hardly misleading though.
I only noticed the € vs $ because I was searching for the case, so all good.
It’s telling that they continue to attract fines. I saw the ones you mentioned also but didn’t have the energy to start digging.
Despite assertions made to the contrary in this thread, I’m not at all convinced that they’re doing anything other than maximising shareholder value to the exclusion of all other considerations, including making a risk assessment in relation to paying fines versus compliance with the law.
Actually GDPR fines can reach 3% of revenue if i recall my compulsory training correctly. That’s a lot more than $20m for farcebook I would expect
It’s up to $20 million or 3%.
I just checked, it’s 4% of revenue and apparently Meta has already had a €1.2 Billion fine yes that B is not a typo.
https://dataprivacymanager.net/5-biggest-gdpr-fines-so-far-2020/
Didn’t know that. That us quiet a big fine. I doubt they can expense this every quarter
A billion has to be enough for them to notice it you’d hope ! They also got a €251m and a €91m fine (in 2018 & 2021 iirc on the dates)
The fines for not complying with GDPR are company killing in size, even for a company as big as Meta. The value of an individuals data definitely does not exceed 4% of total annual yearly revenue, which can be the size of the fine for a single violation.
On 2024s global annual revenue of meta that would be a fine of $6.5billion. That’s 10% of their profits for the year.
I guarantee you they are complying with the GDPRs “right to be forgotten” rules.
I understand your point.
I think you vastly underestimate just how much Meta is a law unto itself.
This is a company that has threatened countries … twice … Australia and Canada.
It’s not limited to Meta or silicon valley companies either, the fossil fuel companies and pharmaceutical companies are doing the same.
Once a company gets to a certain size, it appears that they become immune to the law and act accordingly, silencing dissent and fighting every obstacle with dogged persistence.
So, the law might say that data should be deleted, but I’d not bet my life on it.
I know people that work there, quite high up, and can tell you that they do comply with these requests.