> Certainly not. The GDPR does not permit data trawling or allowing data controllers to do what they like with your personal data once they have it. It must only be used for the purpose it was requested for.

You might want to read the privacy policies of some of the European fintech and ad-tech companies (nb: I've worked at some of them). They cast a wide blanket over all purposes.

At best, the GDPR only introduces a minor indirection, the problem of hoodwinking the "data subject" into clicking the accept button. At worst, it gives them false sense of privacy, where there isn't much.

> At best, the GDPR only introduces a minor indirection, the problem of hoodwinking the "data subject" into clicking the accept button

True. Some people are daft enough to opt-in and click the "accept cookies" and "give my personal and location data to strangers" buttons. These people don't care about privacy and are beyond help.

> At worst, it gives them false sense of privacy, where there isn't much.

Those of us who bother to understand and use privacy law have very good protection thankyouverymuch.