The "malicious" compliance came from the trick that accepting / opting-in was fast and almost instant, but rejecting / opting-out was a slow and arduous process, and it required lawsuits and fines [0] for companies to comply.

I found a website that lists all fines handed out for violating the GDPR: [1]

[0] Google fined €325 million by French CNIL for placing cookies without consent https://www.cnil.fr/en/cookies-and-advertisements-inserted-b...

[1] https://www.dsgvo-portal.de/gdpr-fines/gdpr-fine-against-goo...