GDPR is a small step in the right direction but there have also been major steps backwards, especially with respect to encryption. They talk consumer privacy on one hand but discuss how to remove protective tools with the other. I'm not saying it is better anywhere else, but that we can't just say "oh GDPR is here, everything is alright."
I understand why people point to GDPR but I agree that it is misguided. Mostly Americans see the dark patterns (when I use a European VPN the experience is generally smoother). The much larger share of the blame is on the companies, the ones who got us into this mess in the first place. And there are egregious examples like StackOverflow which just have no excuse.
