[probst]

> Which is why GDPR, although theoretically a good idea, is pretty much useless in practice.

This is very much not true. GDPR isn't restricted to regulating tracking on websites. It also restricts and regulates what companies can do with the customer data they are in possession of. Through my day job I constantly interact with large enterprises (Fortune XXXX) that have vast amounts of personal data through their regular operations (banks, telcos, car manufacturers, airlines, insurance companies and the likes). Nearly without exception they go to great lengths to ensure the data is managed correctly, not used for purposes the customer hasn't explicitly consented to etc. This is as a direct result of the GDPR.