The enforcement is that the state regulators can fine them quite substantially. In the EU and UK a lot of things around regulating business behaviour with consumers happens with consumers complaining to regulators rather than consumers suing companies through class action suits.
In the UK at least more often than not if I have a problem with a company, esp for some kind of utility, there is an ombudsman that is the first port of call over the courts.
The fines that the EU states can issue are very substantial % of revenue amounts.
In the case of the UK, which I'm most familiar with, it's probably a combination of the ico and ofcom which have the relevant powers to fine someone like Meta.
Not sure if that's a serious question and you actually consider lawsuits by private individuals the only functioning method of law enforcement, but: enforcement by governments or regulators is a thing, and on top of that anyone can still sue Meta, they're just not going to get rich doing so.
The GDPR fines can actually be quite large, although they won't be paid out to you personally.
«The more serious infringements go against the very principles of the right to privacy and the right to be forgotten that are at the heart of the GDPR. These types of infringements could result in a fine of up to €20 million, or 4% of the firm’s worldwide annual revenue from the preceding financial year, whichever amount is higher.»
In the UK at least more often than not if I have a problem with a company, esp for some kind of utility, there is an ombudsman that is the first port of call over the courts.
The fines that the EU states can issue are very substantial % of revenue amounts.
In the case of the UK, which I'm most familiar with, it's probably a combination of the ico and ofcom which have the relevant powers to fine someone like Meta.