I can only speak for myself, but actually I go to the detailed cookie settings and unselect everything I'm not ok with. In particular, I unselect ga and Fb pixel because I believe the habit of collecting visit data at an all-seeing central site isn't worth it, and actually is the major characteristic of a dystopian future that hacker culture has always been opposed to. If the consent settings are rubbish, I don't bother and leave the site; OTOH, if the settings are reasonable, I usually accept optimization and some analytic cookies.
I can't stress enough how much of a game changer that is, by revealing the amount of third-party trackers on websites (in the order of up to 500 on a single site) alone.
So I guess GDPR works for me. There's a lack of enforcement, though. But that could change; for example, in Germany, bored law firms (eg those not having clients currently), or anybody actually, can print money by starting an "Abmahnwelle" eg. insist on GDPR compliance within a certain period of time, then sue any site for non-GDPR compliance, all the while being entitled for compensation of their expenses if they have a cause.
It may be the German implementation is different in this regard, but IIRC the GDPR did not create a personal right; enforcement is solely at the discretion of the relevant authority. I thought that was intentional; as a way to limit frivolous lawsuits, but I'm no expert by any means - are you sure this is actually possible?
No I'm not very sure, IANAL. I just thought that "Abmahnen", for once, could actually be used for something useful when it was used to bother small sites for violating the German "Impressumspflicht" (duty to include press contact info on sites). I'm also not sure it can be legally excluded for GDPR specifically as it has been a staple of German "Rechtspflege" (procurement of law by private orgs) for a long time. I know there has been a relative recent change in jurisdiction where compensation for "Abmahnen" was denied when it wasn't carried out in good faith, but I don't believe GDPR violators can rely on that one for continuing malpractice. I also believe when GDPR was enacted in 2017, internet companies got an additional two year's period of bringing their sites into compliance.
Sounds to me like it's not in general permitted (but with a huge exemption), but is possibly permitted to the extent that failure to comply with the GDPR constitutes unfair competition. So that means you can't simply use the "Abmahnen" procedure to enforce privacy rights, but rather need to demonstrate you're a market competitor and that it's relevant to your competitive position. Edit: no, I think I misread- that may be a possible conclusion but it's just not clear.
I can't stress enough how much of a game changer that is, by revealing the amount of third-party trackers on websites (in the order of up to 500 on a single site) alone.
So I guess GDPR works for me. There's a lack of enforcement, though. But that could change; for example, in Germany, bored law firms (eg those not having clients currently), or anybody actually, can print money by starting an "Abmahnwelle" eg. insist on GDPR compliance within a certain period of time, then sue any site for non-GDPR compliance, all the while being entitled for compensation of their expenses if they have a cause.