[immibis]

And the EU doesn't jump straight to the maximum penalty and gives you plenty of warnings to sort it out if you accidentally don't comply in a subtle way. If it's noncompliant in a subtle way that doesn't actually cause a problem they certain won't even notice.

Look how blatantly Apple ignored the DMA and how long it's taken the EU to pursue real enforcement action. It seems clear: there is no need to *fear* EU penalties unless you are dead set on noncompliance. Honest mistakes don't bring down businesses due to GDPR.

[hot_gril]

If this isn't a written policy, it's not a good enough guarantee. If you're only judging based on Apple: Just because it takes long to be penalized doesn't mean you won't be, and Apple has a lot more legal resources than most companies.

[immibis]

Nothing is a good enough guarantee. They don't exist. The perfect is the enemy of the good. Stop looking for guarantees that don't exist, and start doing business with fuzzy logic - successful businessmen know they are constantly testing the boundaries of the rules. A negative result (this thing isn't allowed) from a test isn't a failure, if you do it right - it's just a negative result. Apple is on the path to severe penalties because they were repeatedly told something wasn't allowed and then kept doing it, even going so far as to do it in ways that seen to be mocking the decision.

[hot_gril]

Tell this to the huge number of websites that use cookie banners, not me.