I've wondered about implementing this type mechanism for corporate crimes/fines. If I'm not mistaken, typically the law attempts to establish the value of harm or benefit achieved and levy a fine based on that. What if instead it was revenue based regardless of what benefit the crime achieved. Then corporations would have strong incentives to not commit such violations.

We could also consider a three strike law for corporationsns as well. I haven't seen much discussion on these approaches.

Expand full comment

GDPR penalties include the option to base the fine on a company's revenue if the company is large enough. Perhaps that's the kickstart to changing the way corporate penalties are applied?

From https://gdpr.eu/fines:

The less severe infringements could result in a fine of up to €10 million, or 2% of the firm’s worldwide annual revenue from the preceding financial year, whichever amount is higher

Expand full comment