
> Especially, if you registered a company to make sure you're not personally liable for data protection breaches.

And that's your mistake right here. A limited liability structure never protected you against wilfully breaking the law, or being criminally negligent, not when it came to murder, and not when it came to data protection. Just ask any engineer who signed off on a design that later turned out to be insufficient according to specification.

Data protection criminal charges used to be levied against random people within the company - and now they are focussed on the data protection officer (who criminally neglectfully abandoned their function if there is a breach).

If you are still confused about this concept, before you do more in the business structure world, it might be a good idea to talk to a lawyer and make them explain the difference to you.




> No it’s not. The law is changing to create new additional liabilities for people. The liabilities in question have never existed before, so it could never be limited.

GDPR, Data Protection Act, etc. all exist. These are all leveled against the company.

> If you commit an act of murder as a company agent, limited liability isn’t going to protect you. This law is simply saying that failing in your legal responsibilities as a specific company officer is a criminal offence. Just like committing fraud as a company officer, or failing to produce accurate accounts will also expose you to personal criminal liability.

Comparing data protection with murder is silly. The law is simply stating if you breach data protection laws it's now a criminal matter against a person instead of against a company. Massive difference. Especially, if you registered a company to make sure you're not personally liable for data protection breaches.


> The problem they point out is that well intentioned businesspeople who want to provide you a useful service and store your data correctly are priced out.

Then the way to do this is to simplify laws and their understanding. A company shouldn't need a large legal team just to figure out if they are doing something legal or not. It kinda sounds ridiculous when you think about it. That you have to hire a bunch of lawyers to figure out if you are a criminal or not. That clearly means things are too complex. I get that there are places this should apply to, but not small businesses and startups.

You can have regulation that is both easy to understand and effective. There is also letter and spirit of the law. We should never let the letter hinder the spirit.


> Well the law is changing to make failure to carry out your responsibilities as a specific officer in a company a criminal offence. But that’s got nothing to do with a company’s limited liability.

The law is changing so that the liability isn't limited to the company. That has all to do with the company's limited liability.


> I feel like if they have the legal power to do things on your behalf, then you have to be legally liable if they screw something up.

Just take a page out of corporations' way of doing things, and use a limited liability entity for everything. You get the benefits, but are not legally liable.


> > Engineers are of course partly responsible for the things they implement.

> That is outrageous. The company owners have limited liability protections.

The owners have limited financial liability, not limited legal liability.

https://en.m.wikipedia.org/wiki/Limited_liability

> Limited liability is a legal status in which a person's financial liability is limited to a fixed sum, most commonly the value of a person's investment in a corporation, company or partnership.


> I mean, the point of limited liability is not to give investors a path to profit regardless of all other things, it is to encourage investments that are beneficial to society. If it isn't working, we should rethink it.

From my understanding, a limited liability company exists to protect the business members and shareholders from legal action of their private persons. I.e. if the business goes under due to a poor product or something, they can't be held personally liable. That doesn't mean they are excused from criminal behavior, they can still be liable for some of that.

However, in either case there are no "benefit to society" clauses. It's simply a legal construct to protect people. In this case, Google did what they did... They probably weren't criminals though.


> Also, if you think that there is no personal liability for the managing founder in a limited liability company, don't search for "Geschäftsführerhaftung" or you are going to have a bad day.

This is not a German exclusive. Managers of a company are nowhere shielded from legal responsibility when they violate the criminal code. (Okay, big banks maybe not, but at least from the letter of the law...)


> For small businesses it’s practically impossible to be in compliance for all laws.

This is just ridiculous, patently false and making an excuse for reckless behaviour. Only specific laws apply to your business domain and if you aren't complying with them then you are wilfully breaking the law and putting your customers and the general public at risk.

Own a cafe? You should be cooking in a safe manner. Sell a car? It shouldn't kill people. Run a website? Make sure your users' privacy is respected.


> Small businesses and solo-entrepreneurs have to deal with liability and permits all the time in other fields,

In other fields there is a direct relation between number of customers and liability.

But if I offer free software and also offer commercial support for it, and because of that I would be liable to everyone who uses that software, not just to those who pay for commercial support, then there is no relation between number of customers and liability, and liability cannot be really priced-in.


> which means that every partner could be held liable to an unlimited amount for anything any partner (or the partnership) did.

Technically I believe there's an exception for things that are very clearly the responsibility of a single partner (i.e. done without anyone else's knowledge or consent).

> It’s not obviously a bad thing

Disagree. We've seen a huge surge in accounting scandals since these accounting firms became limited-liability; the field has become dominated by these "too big to fail" companies who make massive profits while paying tiny penalties for their wrongdoing.

> Lloyd’s underwriters (used to?) have unlimited liability. I can’t think of other examples.

I believe there's a New York commercial law firm that's still structured as a traditional partnership.

> I feel like they don’t scale well to large organisations.

Maybe that's a feature rather than a bug.


> Yep. Lawyers will always take the road of least liability. I have no doubt the lawyer said to not even write about it publicly.

That's what I think a lot of business owners and management don't quite understand about lawyers. If you listened to everything your lawyers are telling you, then you would never do anything interesting (i.e. anything risky). You don't necessarily have to listen to everything a lawyer says because their incentive is to limit your risk, not necessarily to ensure your long term success, which are different things. If it means doing wrong by your customers then lawyers may tell you to do it if it means a micron less liability.


> If becoming compliant with the law will cause your business to go under that is more or less the same as saying that your business is built on gross privacy violations. So if that’s your business model then good riddance to you and your company.

Hear hear!


> Does anyone have any insight as to why companies fail to do this?

Because their responsibility to do so hasn't (yet) been translated into legal liability.

A lot would change if someone could successfully sue a company for not keeping one of these sorts of promises.


> I thought it was pretty commonplace to hire a lawyer to draft various application, bylaws, policies and stuff like that when founding a company, online or not.

No it’s not. You can go to nolo.com and pay less than $300 to get incorporated.

https://www.nolo.com/legal-encyclopedia/forming-corporation

Even if you choose to hire a lawyer to do it, it’s a relatively simple process and it would cost a lot more to hire a lawyer who knows the technicalities of something like the GDPR and whether it’s applicable to your website.

Should I also include the lawyer in my product planning meeting?

> GDPR really is very simple at the core: you are not allowed to collect personal information, unless. 99% of it are definitions of those exceptions.

If it’s so simple, then why is it 99 sections and 11 chapters?


> so if I design a car with a faulty steering mechanism that fails under unusual circumstances but, when it does, can cause a possibly fatal accident

What was the faulty product in this case? Struts? Why is Equifax liable?

> The Equifax breach here was caused by, at the very least, reckless negligence in that they failed to patch a published vulnerability for MONTHS after it was disclosed.

You have no knowledge of their internal security practices, or what the status of knowledge of the vulnerability was. Did they make a mistake? Absolutely. But no security is perfect. You have zero basis to make such a claim.

> What I'm talking about is having the same expectations, requirements and civil and criminal punishments that product liability would have with a physical product, at least when it comes to willful negligence of this sort.

There are already laws on the books that cover this, as well as the CFPB. I expect significant fines and additional oversight for Equifax in the coming months.

> The VW emissions scandal (rightly) is resulting in criminal prosecutions for fraud.

Because that was a real, provable, honest to goodness fraud, where there was provable criminal intent. Just like Enron. Where's the criminal intent with Equifax?


>Is the law as written somehow vulnerable to some legal hack where all my revenue goes through Company A but all my data goes through Company B, so that Company B has a small global revenue despite being extremely profitable to the controllers of the companies?

No. Who the data controllers are is a matter of fact, not assignment.

To quote the Court of Justice of the European Union in the Fashion ID case (C-40/17) at paragraph 68:

"[A] natural or legal person who exerts influence over the processing of personal data, for his own purposes, and who participates, as a result, in the determination of the purposes and means of that processing, may be regarded as a controller".

Furthermore, as per that case, multiple data controllers may exist for some processing activities.

So both Company A and Company B may be considered to be Data Controllers and thus both liable.


>Why should individuals not in general be liable for the choices they make?

To quote: "You're playing an excluded middle"

Investor invests in building. Lightning burns it down. Should that investor be legally liable for their entire worth, or just the value invested?

There is some medium ground between being liable without bound and not having any liability whatsoever. Limited Liability Corporations are just that - you can be held liable beyond the LLC if you do illegal things. But the limitation is to be liable for only the assets relevant to the business. This seems perfectly like a reasonable middle ground.

And it's listed often as one of the best inventions enabling a modern economy [2]. "To the economist the concept is essential, for without limited liability capital acquisition would be difficult indeed." [3] The historical evidence is that limited liability corporations enabled using excess capital far more efficiently than previously, which is why pretty much every country in the world has adopted it. It was clear early on that those countries not adopting it were falling behind economically.

>Even without limited liability, those with assets will assume risks if the potential returns are commensurate. Always have, always will.

Before limited liability, unlimited liability was the norm. If a merchant invested some of his profits in a ship, and the ship sank, then those with cargo on the ship could sue the merchant for all the merchant was worth, far surpassing the value the cargo was worth. This disincentivized merchants investing.

So yes, investors invest commensurate with the risk. If the risk goes up, they invest less. This was the norm. Excess capital was not being used for fear of losing not only that capital but all capital.

The Dutch invented limited liability in the 1600s in order to tap this unused capital. "The innovation in the case of the VOC was that the liability of not just the participanten but also of the bewindhebbers was limited to the paid-in capital (usually, bewindhebbers had unlimited liability). The VOC therefore was a limited liability company" [1]

This proved so successful economically that all neighboring nations adopted it soon thereafter, enabling a boom in shipping.

Now, back to mortgages, etc. Mortgages are lent by banks (more or less). Before limited liability, the bank was owned by one or more people, and they were liable for any business deals they got involved in that went wrong, and not just for the amount invested in the business, but for all their assets. If they lent a mortgage, and something was wrong, even by acts of God, then the bank and any shareholders could be sued for everything - their entire set of assets, their houses, and even their families' houses.

If you don't see how this disincentivises investment or risk taking, then I don't know how else to explain it. I'm far more likely to invest $100 if I know I'll at most lose $100. If I'm possibly liable for $1,000,000, I'm not likely to ever invest that $100.

> Even without limited liability, those with assets will assume risks if the potential returns are commensurate. Always have, always will.

We agree on that. When the risks are tremendous, there will be less investment. And this is historical fact.

[1] https://en.wikipedia.org/wiki/Dutch_East_India_Company

[2] https://www.bbc.com/news/business-40674240

[3] https://www.bus.umich.edu/KresgeLibrary/resources/abla/abld_...


> At worst regulator will warn you and then you will invest your resources in fixing the issue.

But there's no guarantee of this right? According to the law, if they wanted to destroy your company over some tiny accidental rule breakage, they could. It just depends on if you're on someone's list or they're having a bad day. Unpredictable application of the law is not great.


> I think legal language that prevents this would likely be a net good thing.

Language that protects end user data across changes in company ownership basically doesn’t exist.

For one thing, if the company goes bankrupt, the data is an asset of value, and the court will allow them to void prior contracts so that they can sell off assets and pay their debts.

This is legal for the same reason pensions get zeroed out during bankruptcies and acquisitions.

If the new owners can steal retirement money from current and former employees, you can bet they can sell whatever treasure troves of data the company has amassed.
