Comment by permo-w

GDPR forces companies to make a choice: stop invasively selling data, or get explicit permission to do so. if a company chooses the shady second option, they have to hamstring their UX and have a big nasty banner that says "we don't give a fuck about your privacy"

it's actually very clever. the more profit hungry and and invasive a company is, the more desperate they are to sell your data, the shittier they have to make their website - or break the law and get a nasty fine a year or two down the line

this idea that gdpr isn't enforced or is somehow expensive (?) doesn't have any grounding in reality: just 2 months ago, Meta was fined 1.2 billion euros for GDPR breaches. they've also already been fined hundreds of millions multiple times. in 2021, Amazon was fined ~800m euros. smaller businesses are being fined all over the place[1]. GDPR is the opposite of expensive. it's profitable

GDPR is a huge deal at companies that handle any data at all. they don't think it's not being enforced

if you were criticising the lack of enforcement of a github policy, do you think you'd actually go and make sure they weren't enforcing it? so why not the EU?

[1] - https://www.enforcementtracker.com/