
I don't know if I'd accept this. Zoom deliberately bypassed macOS security measures and ignored other basic principles for security. Additionally, they ignored privacy regulations like the GDPR by sharing data with Facebook without user consent.

That's a lot of stuff to forgive, within just a few weeks. I could forgive their servers buckling under the load or the trolls bombing in meetings. But everything else is less of a mistake rather than a conscious decision in the basic software architecture.



>That's a lot of stuff to forgive

Isn't this where fines balance things out? I mean, it's 2020 ... GDPR isn't a new thing. It's good they have a plan to fix things, but isn't that enough for tech startups "We're sorry :(" narrative?

They are well funded, and have plenty of resources when compared to SMEs...

People still can choose to not use the service anymore, but that choice alone isn't enough. They should pay for it, and then users can make that decision.


> Isn't this where fines balance things out? I mean, it's 2020 ... GDPR isn't a new thing.

Exactly! That's the point I was trying to make (sorry if that didn't come across properly). It's not like they are facing completely new challenges. GDPR has been in place for years, yet they are breaking it. Guessing URLs to access "protected" files is also not unheard of.

I understand that it is a massive challenge to scale so fast and it's good that they have plans to fix these issues, but these are mistakes that could have been easily avoided in the beginning.


The problem is that the GDPR is a joke, it's almost like they passed the law under duress but aren't actually interested in enforcing it (maybe because whoever is in charge is actually benefiting from the current situation?)


You're right.

The idea to enforce it was that each country's Data Protection Agency is the key contact for any data/security issue - doesn't matter if it's reported by the company itself, or by a consumer who denounced a breach in data protection terms.

Then the country can issue any fines, reporting to EU agencies, etc.

The problems are:

- This process isn't clear for companies, let alone consumers;

- Not all Data Protection Agencies are the same, nor do they have the same resources. Here, in Portugal, when GDPR was live, the director of the agency came out to the public and said it was impossible to enforce anything because they didn't have the resources to do it. He was fired.

The reality is that it's extremely hard to control so many players, and delegating it to each country, some of which are underfunded, doesn't get us anywhere.



