0
Loosy
4y

Here's my latest and greatest(ish) post:

How to overcome GDPR ... with data leaks.
https://loosy.gitlab.io/2019/10/...

Comments
  • 3
    First, you could have posted that directly as a rant. Second, there are some issues with the logic:

    1) You don't get away with just saying "dunno how that happened" because the authorities won't let that fly. Remember that a hack through negligence results also in a hefty fine.

    2) Unless the company has some sort of monopoly like Facebook, the customers can lose trust.

    3) How do you get that money into the books? Money from illegal activities first has to be washed, and then you're already in the money laundering laws. That's where the state is a lot more picky than with privacy violations. We're also not talking fines anymore, we're talking prison.

    Sure, you can make a zoo of cover companies, that's how money laundering usually works, but that would be a lot of effort just for selling some user data.

    4) The explanation that companies disclose the breaches simply because the laws changed and now are forcing them to do so doesn't seem that far-fetched.
  • 1
    Look, just attach a banner to the site that says "we sell user data". That should do it.
  • 1
    @Fast-Nop my post is just a shy attempt to open up to the idea/possibility, people can and probably will confute it but that's not the point I'm making.

    For your points:

    1) How would you prove first that it was negligence if the hack happened under industry trade secret tech?

    2) Nowadays you can't even be that sure that your data isn't part of the leak even if you have never heard of the company in the first place; prior to GDPR there wasn't any concern in this regard either.

    3) It's not illegal if you sign private service contracts that let the economical transaction happen without actually having to prove to have received the service. Or maybe I'm wrong.
  • 1
    @Loosy 1) Hacks don't just happen like rain. There has to be a reason, and you have to state how it happened, at least to the authorities. "Dunno" won't fly. And your idea was basically to cover the sale as accident.

    2) It doesn't matter whether my data were part or not. The company loses my trust, and I may not be willing to be their customer anymore. I won't buy something from them again.

    3) Sure, you could make the contract about delivering something else. Problem: this has to be basically worthless, and buying worthless things is a red flag for money laundering when the books get checked. Also, buying regular items at a much higher price will achieve the same because that's a common way of tax withdrawal.

    If the whole scheme really pays off, and it's a one time thing anyway, why not just sell the whole company?
  • 1
    @Fast-Nop "If the whole scheme really pays off, and it's a one time thing anyway, why not just sell the whole company?"

    You know, some people just can't get enough of it as long as it works.