> Malicious compliance is exactly what the EU should have expected and planned for.
It usually isn't compliance, malicious or otherwise.
It is malicious “we know we are breaking both the letter and the intent, but we know they don't have resources to properly enforce against everyone, so we are going to chance it for as long as we can”. The vast majority of these consent systems are not compliant with any of the relevant regulations (ePrivacy Directive, GDPR, CCPA, …). They will fix it when they get a slap on the wrist. If they get anything it will be a slap or a warning because while anyone in their right mind is pretty sure that the non-compliance is deliberate, that is nigh-on impossible to conclusively prove.
It usually isn't compliance, malicious or otherwise.
It is malicious “we know we are breaking both the letter and the intent, but we know they don't have resources to properly enforce against everyone, so we are going to chance it for as long as we can”. The vast majority of these consent systems are not compliant with any of the relevant regulations (ePrivacy Directive, GDPR, CCPA, …). They will fix it when they get a slap on the wrist. If they get anything it will be a slap or a warning because while anyone in their right mind is pretty sure that the non-compliance is deliberate, that is nigh-on impossible to conclusively prove.