Please substantiate your claims. Your single sentence managed to pack three unsubstantiated claims into it.
* "Started with" implies that there were no motivating factors for the GDPR, nor a situation being responded to. Online surveillance is a clear harm being done to users, to which the GDPR is a clear response.
* "Ignorant lawmakers" implies that the law was poorly crafted with little subject matter knowledge. This hasn't been my experience in reading it, that the GDPR is well-crafted to make certain unethical business models be infeasible, while avoiding impact to data collection that is essential to a service.
* "Made web browsing worse" implies that the current state in which surveillance must make itself known is worse than the previous state in which surveillance could be done silently. I would argue that it is a better state, as knowledge of a hostile act is the first step in preventing it.
Has “surveillance capitalism” subsided at all after the GDPR? Did any company announce that it affected their revenue negatively?
How many people are saying “we are so glad we have cookie banners everywhere”. I’m also sure that every small business is glad to have to decipher the huge law.
* Explicit claim: "Websites complied with the law" The GDPR does not allow a refusal of consent to take more steps than an acceptance of consent. I have only seen a scant handful of websites where this is the case. Instead, refusal requires following additional links, sometimes disguised as "privacy policy details", disabling each pre-selected consent box, etc.
* Implicit claim: "Websites complied with the law" implies that the websites took the only method by which they could be compliant. This is incorrect. Websites had a choice, and could have stopped surveilling users instead. This is a breakage in the causal chain between the passing of the GDPR and the omnipresent cookie banners.
* Explicit claim: "Web browsing got worse". Appeals to a majority are not sufficient. A user-hostile website being required to announce itself as such is an improvement.
So your contention is that it’s not a bad law. It’s just an unenforced law and therefore is still ineffective?
As far as appealing to the majority, if the majority don’t like the consequences of a law, in a democratic society isn’t that prima facie a bad law unless the law is to protect the minority from the majority?
If the websites complied with a law in a form that made web browsing worse and didn’t achieve its intended purpose - isn’t that yet another sign of a badly written law?
The hitmen (using your analogy are the websites that track) are still killing just as many people. But now it’s just making it harder to drink a glass of water.
Are the two sentences completely uncorrelated? Yes, so is the effect of the GDPR on websites.
Well, it’s simple. Did Facebook announce any ill effects during it quarterly results caused by GDPR? No.
Did they announce a decline in revenue caused by Apple’s ad tracking transparency - yes by the tune of billions and they called that out as the reason,
