
Many, but not all of them said this. Given that GDPR has absolutely no requirement that warnings be issued, it is not reasonable to expect that warnings were issued and/or ignored in cases where it doesn’t specifically say this occurred.



You don't seem to have brought up any cases where we know that fines were imposed without a warning, nor any reason to believe this particular case was special.

If, out of all the cases that we do know whether warnings were issued, warnings were in fact issued in the vast majority of them (or even 100% of the known cases), then for a case where we don't know and have no reason to believe is special, isn't the reasonable assumption that it's not special and is no different from the other cases?


Once again, under GDPR, it is entirely legal to issue fines without a warning. Therefore, in any case where it does not say that there was a warning, one can reasonably assume that no warning occurred - especially given that in some cases (according to you, most cases) they did say something about a warning. The absence of the mention of a warning in this context implies that there wasn’t one.

The point is, and no one has been able to refute this, that warnings are not required under GDPR. Even if they have issued warnings in most cases thus far, it is still early days. As these actions under GDPR become more common, there is no guarantee that even those countries that have been issuing warnings first will continue to do so. The enforcement of regulations that have the potential to generate massive revenue streams for government entities tends to become increasingly aggressive and creative as time goes on.

I don’t understand why anyone, even those in favor of GDPR, would attempt to refute the black and white text of the law. No warnings are required under GDPR, and thus the potential exists for fines to be issued without warning. There is no argument or opinion to be interjected here. This is a binary fact. Are warnings required? No, warnings are not required. It’s that simple.


Once again under UK drug law it is entirely legal to send someone to prison for five years (I think) for an eighth of weed. Except it never happens. To get straight to a maximum penalty there would be very damning circumstances.

It's why we have regulators, judges and magistrates - to apply judgement and proportionality. Sure there's a few headline cases of some absurdly harsh sentence - and just about always the details reveal there were a lot of very damning circumstances that make the sentence seem pretty reasonable.

Do US judges rubber stamp a maximum sentence each and every time? No. Does every visit by police result in prosecution? No. Is every warning and scaling mechanism offenders get in the US expressed perfectly in statute? No. Otherwise you would have fired all the judges as surplus to requirements.

You're just spreading FUD. Understand the legal system in Europe before spreading such rubbish.


You appear to be spreading false rumors about them issuing warnings even though they don’t have to. When I organized the data on this site by fine amount, not a single case on the front page said anything about any of the companies fined having received a single warning.

So, by comparing this to legal situations where “it never happens” you are purposely misrepresenting the risk of receiving a fine under GDPR without any type of warning. While having an eighth of weed rarely if ever results in a 5 year sentence in the U.K., clearly not receiving a warning before being fined occurs quite frequently. You have made a false equivalence between these two things.


You need to read both of these, and you need to understand what they mean in the context of EU law.

https://gdpr-info.eu/art-58-gdpr/

https://gdpr-info.eu/art-83-gdpr/

You also need to remember that if the regulator has got it wrong there is a remedy available for the person being fined.

About cannabis: generally the first offence will receive a warning unless there are aggravating factors. Police are expected to take an escalating approach: 1st offence = warning, 2nd offence = penalty notice for disorder (which doesn't result in a criminal record if it's paid), 3rd offence = arrest followed by caution or charge and prosecution.


Neither of those links you pointed to says anything about warnings being required, or even customary for that matter.


Because you haven't understood the context of what the EU means when it says "proportionate".

Article 83 is basically a long list of reasons to avoid giving a fine but to give a warning instead.


Why would you expect a site built to report GDPR fines and penalties to report GDPR warnings?

ICO haven't yet released aggregate figures for GDPR, it's too soon. GDPR is a minor update of DPA, and they have released aggregate numbers on that for a while. Fines are levied in a tiny minority of cases. Warnings are far more common, as is steady escalation. The expectation here is the proportions will remain the same under GDPR.

On weed, actually no, because the default action for weed for the vast majority is just a warning. So no, it isn't clear that getting fined without warning first happens quite frequently, because that's also simply not true. You're very unlikely to see a court without a warning first.


>GDPR is a minor update of DPA

It is not a minor update[1]. The Information Commissioner's Office is extremely aware and vexed, given the current state of affairs, that the Data Protection Act 2018 needs to be aligned as closely to the GDPR to allow for information to flow freely after Brexit (Article 45)[2][3].

Furthermore, ICO has not been the epitome of a regulatory body enforcing the law to its fullest extent, for which it has had the remit, by stopping businesses doing a runner or imposing maximum fines; neither has it had a good record on collecting the fines issued. Although, it has made a meal of some of the high-profile rain-making cases which have already been in the public eye. It is ironic that there are no real details forthcoming from ICO and one has to resort to FoI requests to get any information on its previous escapades under DPA 98![4]

[1] https://www.dpocentre.com/difference-dpa2018-and-gdpr/

[2] https://gdpr-info.eu/art-45-gdpr/

[3] https://ico.org.uk/for-organisations/data-protection-and-bre...

[4] https://www.theregister.co.uk/2018/05/25/millions_of_pounds_...


That is an entirely different issue. GDPR is effectively an update of DPA 1998 that it replaces. Most is the same, definitions and scope are widened and modernised. A company that had implemented DPA(1998) was most of the way there for GDPR(2016). If you're going to get pedantic, DPA 1998 is one of the many implementations of EU's DPD 1995 as there is a fundamental difference between EU Regulation and EU Directive.

Clearly I am not calling GDPR (2016) a minor update of a subsequent law UK DPA (2018). That is UK's implementation of GDPR, which thanks to the stupidity that is Brexit may indeed have some issues interrelating with the EU. Probably the least of our issues, but still...

UK ICO's stance is fairly well known, but I don't think they can be held responsible for businesses that liquidate in the face of fine. That seems more likely to be an issue of UK company law.


>UK ICO's stance is fairly well known, but I don't think they can be held responsible for businesses that liquidate in the face of fine. That seems more likely to be an issue of UK company law.

You are confusing ICO's stance and responsibility with its reluctance to enforce powers, which have already been granted to them by the government, in order to pursue negligent cases and collect fines under the UK law.

The Insolvency Service has general powers to investigate both insolvent and active companies, including those companies that undertake direct marketing activities. If a director has deliberately acted to the detriment of the company and/or its creditors, action may be taken against the directors under the Insolvency Act 1986 or the Company Directors Disqualification Act (CDDA) 1986.


That's the Insolvency Service, which isn't ICO, and presumably they (IS) would have to instigate action. I've no idea how it interrelates with ICO's powers, but I'm completely outside my knowledge here.


No one is saying warnings are required. I said I expected one was given, because 1) it appears to be the common practice, and 2) it is the reasonable thing to do. So I doubt that this person would have been fined without a warning, but indeed, I have no way of knowing. That said, I'm open to the idea that perhaps the law should stipulate a warning, but perhaps the language around proportionality/reasonableness is sufficient.


>perhaps the language around proportionality/reasonableness is sufficient.

It is not. Those terms have enough legal leeway to drive a truck through.


>The absence of the mention of a warning in this context implies that there wasn’t one.

Why? Many of these summaries aren't official justifications of the fine, they're news clippings. What leads you to believe that if a warning was issued, the news would always mention it? They're not trying to justify the fine, they're trying to inform the public, and they can never include every detail, they always have to leave stuff out. What leads you to believe the news always mentions warnings if issued?

>I don’t understand why anyone, even those in favor of GDPR, would attempt to refute the black and white text of the law.

Literally no one in this thread has attempted that, and you incessantly repeating this strawman is why you're being repeatedly downvoted.


Huh? It does have this requirement:

Each supervisory authority shall ensure that the imposition of administrative fines pursuant to this Article in respect of infringements of this Regulation referred to in paragraphs 4, 5 and 6 shall in each individual case be effective, proportionate and dissuasive

When deciding whether to impose an administrative fine and deciding on the amount of the administrative fine in each individual case due regard shall be given to the following:

a) the nature, gravity and duration of the infringement taking into account the nature scope or purpose of the processing concerned as well as the number of data subjects affected and the level of damage suffered by them;

b) the intentional or negligent character of the infringement;

e) any relevant previous infringements by the controller or processor;

i) where measures referred to in Article 58(2) have previously been ordered against the controller or processor concerned with regard to the same subject-matter, compliance with those measures;


I don't see anything in that text that requires a warning.



