I had the pleasure to learn a lot about this while working in the higher levels of some german company with a somewhat questionable track record.
Here's what you can do (only applies to Germany, but might be similar elsewhere):
Complain to the data protection authority of your local state in writing. These complaints will be followed up by the authority and if enough of them accumulate, the company will have a bad time and the aforementioned incentive equation will be bent towards the end that favors user privacy.
Don't write angry emails. Nobody cares and you waste time.
Pretty clearly so. It seems weird to me that so many companies put up a cookie banner in order to avoid breaking the law, and then break the law in order to make it less effective. I suppose the win here is that if the (fairly toothless) regulators notice you can say "oh we thought this was enough" and then tweak it. But in that case why not just have no banner at all, and wait until they notice in the first place?
Just as daft as the extra-US sites that choose to show no content to EU geolocated origins instead of complying with the law. Which is... also illegal under the letter of the law, so why not just ignore the law. Presumably you're probably out of the jurisdiction anyway if you're bothering to do this.
Since when? The GDPR explicitly only applies if you offer your shit to EU subjects or monitor EU subject behavior while they're in the EU. By actively rejecting those potential customers and not tracking them (because you refuse to provide them the product), does that not suffice to not have to worry about the rest of the terms?
I know there are a few cases regarding linking to news articles and how the company in question can't stop providing that service, but in all such cases I'm aware of the offending company had other ties to the EU whereby the GDPR might have been enforceable.
extra-EU I mean.
