The money and time could have been a lot better spent on international awareness campaigns arming consumers with more privacy knowledge instead of expecting website owners to shoulder the informational burden (because those orgs in aggregate have no core incentive to treat user's privacy as an inherent good).
The GDPR is unlikely to be overturned, and there are plenty in the EU who are eager to enforce it. Just because it's not being enforced right this second doesn't mean the law won't catch up to offenders.
Especially if Margrethe Vestager replaces Jean-Claude Juncker as president of the European Commission, you can expect a ton of action on this front.
the odds of this are essentially zero
she's in a minor EU party and her own country won't put her forward as candidate
But we haven't yet seen it enforced, have we?
the only way that a law like the GDPR that’s purposefully vague and broad can work is to allow plenty of lead time for warnings and fixes before fines
it’s a process; you shouldn’t expect it to change everything overnight
And as a consequence we're going to continue sinking into irrelevance.
>The GDPR is unlikely to be overturned, and there are plenty in the EU who are eager to enforce it.
I think it will be overturned a couple of decades from now, when an economic crisis hits and we find that we've fallen significantly behind other countries due to our fear of technology.
My prediction is that these Cookie shenanigans will be ruled as illegal according to GDPR, and then they will disappear.
Fines are to be handed out by the national data protection agencies. In Germany, the data protection agency regularly goes after violators since the 1990s. They audit German administrations and companies with respect to data protection, and request changes where necessary. See here for yearly reports of one of the state agencies: https://lfd.niedersachsen.de/startseite/allgemein/taetigkeit....
So at least for Germany there is no foundation for your claim.
Which it, surprising no one competent, did.
The law forbids dark patterns, coercing into accepting, delegating opt-outs to third party sites, and requiring collection of more data than is strictly necessary to operate the site.