It depends if someone bothers to sue them or not. In the EU court decisions until now point that profiling for advertising should be opt-in not opt-out but companies keep trying to find loopholes or at least hoping to not attract too much attention with their defaults.
In EU no one individual needs to sue them. The what-ever-the-office-might-be-responsible at EU burecracy will just send them an nicely worded letter that says “play by the book or we’ll give you fine big enough to bankrupt you no matter how much money you think you have”. The fine is based on company revenue (or sales, I don’t remember what it spesifically was) and there’s no way you’ll weasel yourself out of that no matter how many american lawyers you can hire. The same folks forced Apple to adapt usb-c, so good luck Spez if you try to challenge that.
One small correction: There is no EU office responsible for GDPR enforcement, the EU member states are responsible for handling GDPR breaches within their jurisdiction (Art. 51 GDPR). As an individual you can also file a complaint against offenders (Art. 77 GDPR).
Will they become liable if I don’t opt-out?
In the EU, they certainly aren’t allowed to “assume consent”.
It depends if someone bothers to sue them or not. In the EU court decisions until now point that profiling for advertising should be opt-in not opt-out but companies keep trying to find loopholes or at least hoping to not attract too much attention with their defaults.
In EU no one individual needs to sue them. The what-ever-the-office-might-be-responsible at EU burecracy will just send them an nicely worded letter that says “play by the book or we’ll give you fine big enough to bankrupt you no matter how much money you think you have”. The fine is based on company revenue (or sales, I don’t remember what it spesifically was) and there’s no way you’ll weasel yourself out of that no matter how many american lawyers you can hire. The same folks forced Apple to adapt usb-c, so good luck Spez if you try to challenge that.
One small correction: There is no EU office responsible for GDPR enforcement, the EU member states are responsible for handling GDPR breaches within their jurisdiction (Art. 51 GDPR). As an individual you can also file a complaint against offenders (Art. 77 GDPR).