blog

https://blog.ce9e.org
git clone https://git.ce9e.org/blog.git
commit
d687b9ef93982008c2c5e366eef6c4be3c3fcecb
parent
249b98975c882cc89c88e8fe1b7f21920d4fffca
Author
Tobias Bengfort <tobias.bengfort@posteo.de>
Date
2024-08-02 09:51
gdpr post: rephrase tax idea

Diffstat

M _content/posts/2024-03-22-beyond-gdpr/index.md 24 +++++++++++-------------

1 files changed, 11 insertions, 13 deletions

diff --git a/_content/posts/2024-03-22-beyond-gdpr/index.md b/_content/posts/2024-03-22-beyond-gdpr/index.md 

@@ -165,20 +165,23 @@ communication strategy next time around.
  165   165 
  166   166 Imagine if companies had to pay taxes on the size of their database.
  167   167 
   -1   168 So far, the GDPR concentrates on individual rights. If a corporation violates
   -1   169 those rights there can be considerable
   -1   170 [fines](https://gdpr-info.eu/art-83-gdpr/). But if people willingly give their
   -1   171 data to Facebook, all is well according to GDPR. The conceptual shift I am
   -1   172 proposing is to preemptively tax corporations based on the risk their data
   -1   173 collection poses to society as a whole.
   -1   174 
  168   175 I can easily come up with a justification that contains enough buzzwords to
  169   176 sway your average politician: *In these trying times full of ransomware and
  170   177 cyber terrorism, storing any kind of data is a public security hazard. The
  171   178 companies that are most likely to leak data should also pay the biggest part of
  172   179 the cleanup-bill.*
  173   180 
  174    -1 So far the GDPR concentrates on [fines](https://gdpr-info.eu/art-83-gdpr/)
  175    -1 instead of taxes. I am not well versed in the discourse around these two
  176    -1 options. But maybe it's not even that important whether this is a fine or a
  177    -1 tax. The juice is in how it is calculated:
  178    -1 
  179    -1 The fines in the GDPR can be high and they are also supposed to consider the
  180    -1 "number of data subjects affected and the level of damage suffered by them".
  181    -1 But I want something more specific. I want something like this:
   -1   181 The tax should incentivize corporations to keep datasets small, throw away
   -1   182 historic data, avoid highly sensitive fields, and restrict the pool of users.
   -1   183 Looking at *unique* datasets could encourage high k-anonymity. I imagine
   -1   184 something like this:
  182   185 
  183   186 ```
  184   187 tax
@@ -188,11 +191,6 @@ tax
  188   191 * number of natural people with access
  189   192 ```
  190   193 
  191    -1 This would explicitly incentivize corporations to keep datasets small, throw
  192    -1 away historic data, avoid highly sensitive fields, and restrict the pool of
  193    -1 users. Also note that looking at *unique* datasets would encourage a high
  194    -1 k-anonymity, something that the GDPR doesn't even consider.
  195    -1 
  196   194 There are clearly still a lot of details that need to be worked out. I also
  197   195 have no clue how much administrative work this would cause. But it is an idea.
  198   196