GDPR proving to be great once again. The case for a US equivalent gets stronger. And more importantly, all these fuck ups will ensure that whatever bill gets drafted isn't just what the Facebook/Google lobbyists find acceptable.
>Because the company kept a limited set of activity logs, it was unable to determine which users were affected and what types of data may potentially have been improperly collected, the two people briefed on the matter said. The bug existed since 2015, and it is unclear whether a larger number of users may have been affected over that time.
Then, to be clear, is your position that companies should be punished (fined) if there has ever been the possibility that user data was compromised? It's possible that a time-traveling quantum-powered encryption-breaking mind-reader from the future has seen your personal data. Should we fine everybody who knows anything about you?
Reckless endangerment deals with the possibility of something bad happening, but notice that word "reckless."
I didn't say GDPR would apply in this situation, and the WSJ story suggests it wouldn't because of when it was discovered. All I said was that GDPR was great (obviously we'd only see the benefits from it after it had gone into effect), and this latest scoop bodes well for the political movement to enact equivalent legislation in the US.
