Comment by AnthonyMouse

> I'd say it may not be obvious why, but it's obvious that it is less of a deterrent, because this sort of data trading seems to be commonplace and semi-overt in the US

But that's because the US doesn't even have the law requiring express and freely given consent, so they just stick the consent in some agreement nobody reads next to a box you have to check. You could have that rule without having the whole GDPR.

In this case they apparently collected the data even if you never checked the box, which is just egregious and now they're getting sued.

> the risk, i.e. probability of successfully getting sued * cost of successfully getting sued, is likely much lower

Certainly this is not because plaintiffs would be unwilling to file claims if they could.