Originally Posted by
bisonrav
The reaction was forced by GPDR legislation which puts BA directly on the hook for a percentage of turnover. They simply were not able to react in anything more than a completely defensive way, because anything giving a hint of liability puts them in the line of fire for a big fine. And having had a fairly chunky fine imposed, they're hardly going to exceed that with an even more chunky settlement to consumers.
GDPR is really an appalling piece of legislation. It's framed essentially as a tech tax against big internet concerns, and doesn't benefit consumers in the slightest because the fines go to the state, they don't go to pay compensation to people affected. So any indirect or direct goodwill payments to individuals have to be limited to reduce overall costs of settlement and implied liability. Privacy laws are great, all for that, but the state cash grab framework really is a problem. I don't think people really understand just how damaging this piece of legislation is to their interests, and how dishonestly it's been set up by its architects.
O/T it's based on the same principles used for competition law/antitrust. and the penalties enforceable are the same. The financial penalties imposed by the State act as a deterrence to ensure companies do not act in a way that will harm competition/privacy (and once penalties have been imposed they will ultimately go back into the regulators' coffers to fund more investigations which acts as further deterrence), while consumers are able to bring damages actions if they have been affected.
Once the infringement/breach has been found to have occurred by the regulator, liability is not implied - it is real and exists so all the consumer/third party then has to show is that they were affected (causation) and by how much (quantum). Settlement occurs largely because the parties are negotiating the quantum and don't want to take it to court - the payments are not "goodwill", they are to compensate damage.