A year and a half after GDPR became enforceable, it might seem to the average user that not much has changed, and indeed, many companies just considered it as "just another consent to click by".
If there was any doubt, the grace period is over, and good faith, best intentions and collaboration with authorities just won’t cut it anymore.
As the author notes, maybe the most interesting part of this decision is that the DPA (Data Protection Authority) acted from its own initiative, without any specific complain raised by a data subject.
Now this might take some time to travel East and West outside of Europe, but legal precedents are coming. Privacy is by design, not conditional.
The Belgian Data Protection Authority issued a fine of 1% of the annual turnover of the company for not acting in compliance with the cookie rules, despite the corrective actions undertaken by the company. The DPA confirmed that by issuing this sanction, it wanted to set an example, warning all companies that cookie compliance is a “must have”.