Hi Citizen422,
I well understood where the $750 million comes from.
Nevertheless the current understanding of GDPR propagated by many people and organisations is, based on my own regulatory understanding, quite extremist.
There is the Law and the Spirit of the Law.
GDPR main objectives are:

• Protecting data privacy
  
• Enabling the data portability
  
• Enabling the ability to consult the stored privacy relevant data
  
• Enabling the ability to correct privacy relevant data
  
• Ability to suppress privacy relevant data

Based on those, we can take a deeper look on what privacy relevant data are recorded, stored, maintained, and shared by WCG.
WCG does not maintain any privacy relevant data in the meaning of HIPAA (for referring to a US regulation).
WCG does only manage member contribution data uniquely tagged using the member boinc cross project identifier (global unique identifier).
Even if this identifier could (should?) be considered as a privacy relevant data, this ID does not reveal much about who the member is (gender, religion, address, health/diseases, etc.). Additionally, based on an opt-in/opt-out functionality, WCG could offer to its members the ability to accept that their contribution statistics could be shared with third party using the cross project ID or being pseudonymised.
WCG was already very careful with member privacy relevant and contribution statistics. It is the reason why I do not understand the current WCG behaviour.
WCG is not FB, Google, Amazon, MS, or eBay! There is no real reason to be afraid that IBM has to pay a $750 million penalty because of WCG.
In the same way, I cannot understand the behaviour of some bloggers closing their blog because of GDPR !?!
Additionally people and companies have to keep in mind that GDPR is not really new it represents only the evolution of the previous European Directive 95/46/EC (already titled "General Data Protection Regulation"). The main problem is that many organisations deliberately ignored this Directive, in particular because the financial risk was very low (negligible). The "new" regulation 2016/679 is more complete and spells out clearly what is expected. The range of the financial penalty is now related to the reality of the business made by some dishonest organisations selling privacy relevant data, mostly illegally collected. As far as I know, it is not the case for WCG.
Cheers,
Yves

Hi Little Mermaid,
I use to use the case you mentioned by the trainings I moderate since my business area is regulatory compliance, in particular e-Compliance, within the pharmaceutical sector, including patient data and data integrity.
There is another case in Austria occurred during the same period with the loss of a CD with MS patient data during the move from a call centre to another one.
Such cases show how companies and organisations are not aware how critical can be privacy relevant data and how weak are the data management processes.
The mandatory requirements for a DPO as well as for a register with an exhaustive catalogue of data computation are very meaningful and they should help to improve the management awareness regarding data privacy.
Nevertheless cloud computing does not represent any exception. Storing as well as processing privacy relevant data in the cloud represents a significant risk whereas the contract giver remains responsible and accountable at first.
Cheers,
Yves

I guess you would have to talk to their lawyers about this.

I certainly see you as international, KerSamson, just thought of Switzerland as a hub for much big pharma.
I hope Denmark treats you well

Kevin,

This may not be appropriate in a thread about the API, but if you're keen to improve the information that WCG provides to users (in general, as opposed to specifically for stats site developers) then I should like to say a word about what kind of information the stats sites provide that WCG does not provide on its own web site, and why I think that is relevant to discussions about competition.

The most important thing (in my opinion) is some sort of recent performance data. The WCG site provides various averages for each user, but they are averaged over the entire time that a user has been a member. Users get access to new kit, old kit dies, new kit is faster, people go on holiday, people shut machines down in summer, etc, etc -- lifetime averages are not much use! The stats sites typically provide data averaged over the last week and the last month (four weeks?). I believe that it is this information which is most relevant to stimulating competition.

The same recent performance data are relevant for teams, too.

Having got that information, then what can you do with it which stimulates competition? I think the two most important things are providing overtake estimates (how many days before I am likely to overtake each of the people/teams in front of me, or be overtaken by the people/teams behind me) and the ability to compare, perhaps graphically, my own or my team's recent performance against another user/team.

Just my 2p'th.