It's the member states that are tasked with enforcing it. Here's what they've been up to: https://www.enforcementtracker.com/

The EU member states do not care. Is it better?

It was adopted 4 years ago, enforceable for the past 2 years. Still every single site that even cares about showing a nagbox offers only opt-outs. Those numbers listed are a joke compared to the 4% worldwide revenue stick. What's the point of the big words if we are not prepared to back them up?

What do you mean “The EU member states do not care”? @seslaire literally posted a link to a list of GDPR enforcements.

I don't get the confusion

1. Most sites are blatantly non compliant, see opt-outs (presets). For example if someone from covered regions does a search on Google right now it presents them with 2 buttons, 'I agree' and 'See more', the former is pre-checked to enable tracking everything, the latter leads into a labyrinth of settings. Not even an opt-out everything is presented (itself non compliant, but still). It is presented everytime, unless they sign up for a Google Account and/or download their browser extension.

This is definitely not how private by default should work.

2. The EU created a stick big enough in theory to go after anyone, yet they refuse to do so for years. Indeed, we are probably interpreting those numbers differently. They are a slap on the wrist at best and anchoring the discussion at the wrong point. For example in the above case the potential fines for Google could be up to ~$6B yet the listings do not add up to $60M, that's two orders of magnitude.

As it stands, GDPR achieved very little so far to protect the average user. Tracking is as bad and invasive as it has been for years.

What capabilities would the streamed app have for deception that a website lacks?

But then why are browsers allowed in the App Store?

Quite the contrary: https://digiday.com/media/new-york-times-gdpr-cut-off-ad-exc....

Discussed on HN: https://news.ycombinator.com/item?id=18920079

The NYT is a different story. There's a critical mass after which it becomes worthwhile to just target your audience. I doubt these guys are at it.

Don't believe me, though. Talk to ad execs (spending money on this) or ad ops (using the money on this) and see what they think.

In fact, since you won't have the GDPR hassles if you go untargeted, you should consider following this thesis to its logical untargeted exchange conclusion because with CCPA and GDPR you could push the targeted guys out of business and that's a many billion dollar market. If you're convinced of your thesis, then you're on the cusp of mega money.

Good luck.

In Hungary for instance, one can simply send an e-mail with the necessary details of the complaint to NAIH, the National Authority for Data Protection and Freedom of Information, and within the legally mandated period of 60 days, they will carry out the necessary investigation and enforce both national law and GDPR.