> it left the loopholes to allow websites to try and trick accepting.
It did not. These practices are illegal under the GDPR, the problem is a chronic lack of enforcement by most national enforcement agencies in all but the most severe cases.
Some are just ineffective but others have gone completely rogue. Swedish Data Protection Authority (DPA) for example takes the position that commercial data brokers like Mrkoll are allowed to publish and sell people's personal information (including your current home address, hello stalkers!) [1] and that this is somehow protected under the pretense of "journalism" [2].
[2] Doesn't fully capture the negligence of the Swedish DPA ("IMY"), here's a better source:
> IMY’s practice of simply “forwarding” complaints.
> The IMY’s way of dealing with complaints since the Supreme Administrative Court ruling is to attach an “appeal form” to their (non-)decisions. But it still doesn’t investigate the complaints. Instead, the authority simply forwards the complaint to the entity that illegally processes personal data and then immediately closes the case. This also happened in the case preceding noyb’s current legal action against the IMY. After a data subject filed a complaint regarding a recorded phone call, the authority forwarded it to the respondent without investigating.
It did not. These practices are illegal under the GDPR, the problem is a chronic lack of enforcement by most national enforcement agencies in all but the most severe cases.
Some are just ineffective but others have gone completely rogue. Swedish Data Protection Authority (DPA) for example takes the position that commercial data brokers like Mrkoll are allowed to publish and sell people's personal information (including your current home address, hello stalkers!) [1] and that this is somehow protected under the pretense of "journalism" [2].
[1] https://mrkoll.se/resultat?n=Otto&c=&min=16&max=120&sex=a&c_...
[2] https://noyb.eu/en/swedish-data-brokers-claim-journalists-le...