They however still may be in breach. Their consent flow claims the following:
"We use cookies and data to:
* Deliver and maintain Google services
* Track outages and protect against spam, fraud, and abuse
* Measure audience engagement and site statistics to understand how our services are used and enhance the quality of those service" [emphasis mine]
The last point is definitely not functionally necessary nor essential for delivering the service yet is a prerequisite - the "reject" button doesn't apply to those.
$CRTO is a giant, for sure, with $1.6B market cap and quarterly profits [1] of $185M.
The potential for a $65M fine for actions taken 4 years ago will - after they challenge the finding, challenge the value, face a formal hearing, receive a draft decision, review that draft with other GPDR data protection authorities, and finally are levied a financial penalty sometime in 2023 - will surely crater their unethical business model and cause them to change their ways. /s
You’re looking at about $2B revenue a year. The absolute maximum that GDPR can fine is 4% global revenue, which would be $80M for Criteo. So this is nearly topping out. Of course, if a company continues to treat GDPR as the cost of doing business there are other, more long-term, options.
> actual quarterly profit is 10% of what you claim
"Profit" is an imprecise word. Criteo made $38mm of net income in the six months ending June 2022 [1], or $76mm annualized. €60mm is about is 80% of that. Free cash flow (FCF), on the other hand, was $77mm or $154mm annualized (40%). (OP referenced gross profit. Fines are no longer tax deductible [2][3]. Referencing a post-tax measure, like net income or FCF, is thus more appropriate than gross profit.)
Either way, your broader point stands. Four fifths or two fifths or 12.5% of cash and cash equivalents, potentially a year, is nothing to sneeze at.
I see a future where adtech companies operate under a franchising company owned by a holding company, just to avoid making any net profit for any of the individual companies actually handling someone’s data.
I think the fine needs to be 10x the amount of annual sales (not profits). It needs to be enough that causes these companies to go out of business. They are a cancer on our society, and they need to be eradicated. Most of the time, I'd be soft on people losing jobs, but these jobs 100% need to not exist.
Wake me up when TrustArc or their clients get fined. That is the company that added artificial delay for "processing" if you rejected optional cookies.
Just like yesterday I was walking down the block and the police on Lastarria were towing a gray car. I had never seen that, and they had five cops on the scene watching everything was going in order. I asked them if they were towing I thanked them! In this context there was never any towing, no consequence ever for parking violations. I said yeah great! There has to be integrity, there have to be consequences. Great!
16 comments
[ 3.4 ms ] story [ 51.2 ms ] thread"We use cookies and data to:
* Deliver and maintain Google services * Track outages and protect against spam, fraud, and abuse * Measure audience engagement and site statistics to understand how our services are used and enhance the quality of those service" [emphasis mine]
The last point is definitely not functionally necessary nor essential for delivering the service yet is a prerequisite - the "reject" button doesn't apply to those.
The potential for a $65M fine for actions taken 4 years ago will - after they challenge the finding, challenge the value, face a formal hearing, receive a draft decision, review that draft with other GPDR data protection authorities, and finally are levied a financial penalty sometime in 2023 - will surely crater their unethical business model and cause them to change their ways. /s
[1] https://criteo.investorroom.com/2022-08-03-CRITEO-REPORTS-ST...
"Profit" is an imprecise word. Criteo made $38mm of net income in the six months ending June 2022 [1], or $76mm annualized. €60mm is about is 80% of that. Free cash flow (FCF), on the other hand, was $77mm or $154mm annualized (40%). (OP referenced gross profit. Fines are no longer tax deductible [2][3]. Referencing a post-tax measure, like net income or FCF, is thus more appropriate than gross profit.)
Either way, your broader point stands. Four fifths or two fifths or 12.5% of cash and cash equivalents, potentially a year, is nothing to sneeze at.
[1] https://criteo.investorroom.com/2022-08-03-CRITEO-REPORTS-ST...
[2] https://www.irs.gov/pub/irs-drop/td-9946.pdf
[3] https://www.journalofaccountancy.com/news/2021/jan/irs-regs-...
I hope EU fines them
Just like yesterday I was walking down the block and the police on Lastarria were towing a gray car. I had never seen that, and they had five cops on the scene watching everything was going in order. I asked them if they were towing I thanked them! In this context there was never any towing, no consequence ever for parking violations. I said yeah great! There has to be integrity, there have to be consequences. Great!