alt Hacker NewsThey did: the Finnish CEO was criminally charged and convicted (under GDPR); that never happens in the US. (I wasn't aware it was overturned on appeal in 12/2025, neither is Wikipedia currently).
They did face consequences. That ex-CEO (and CTO) also essentially had their reputations shredded, and their behavior was publicly scrutinized (have you ever seen the Comcast CEO grilled by Congress? I haven't). Sure, it would be better if they had actually gone to prison. But my point is GDPR has teeth, unlike US state digital privacy laws.
> have you ever seen the Comcast CEO grilled by Congress?
I seem to recall some media circuses here and there about CEOs being subpoenad by Congress, for example Zuckerberg. I don't really consider that a consequence in any meaningful sense.
Apparently the appeals court also released the hacker, even though his extortion led directly to the suicide of two people, and damage to thousands of others. Maybe the GDPR was meant to have teeth, but I can't help but wonder if the Helsinki Court of Appeals is for sale.