Indeed, having it repeatedly demonstrated that companies are willing to unapologetically break laws to attempt to trick me into permitting them to scrape up my personal data is not very comforting.
CNIL, the French regulator, did just (last month) fine Google and Facebook 150 and 60 million euros, so there is some level of enforcement, but I agree it's not enough.
There are some big ones here: https://www.tessian.com/blog/biggest-gdpr-fines-2020. Ironically, that site also has a cookie banner that attempts to trick you into thinking that the highlighted button will save the default preferences shown (it won't, it'll turn them all in, then save that). This is illegal too.