>This problem is practically fixed in the EU (to the extent that legislation can fix it). Data protection laws have enough teeth that real companies can’t afford to keep or sell customer information illegally
Not even close to the case for any big player. It just exists as a moat for smaller companies.
https://www.enforcementtracker.com/ and sort by amount, these are not small companies and amounts aren't exactly trivial either, with a mechanism to get bigger if ignored.
Meta appear 4 times in the top 10 with a total of about 2.25bn in fines. That sounds like a lot but it's only 1.6% of their revenue. As a cost of doing business that's probably acceptable to the Meta board. It'd cost them more to do things properly, so there's little incentive to do so.
The fines will increase if they continue breaking the rules, so there is incentive.
The fines are calculated to be enough to pad the coffers of the EU bureucracy and for FB to not really care, to keep this racket going.
Besides fines being able to grow that's global revenue, probably a bigger part of EU revenue. And their margins aren't 100%.
I've worked with many large enterprises, including US megacorps, who have completely changed how they handle EU data post-GDPR. It's not perfect, but it's certainly not just a toll to be paid to continue old practices.
Like with most laws, smaller companies have smaller chance to get caught and smaller likely penalties.
But I've noticed there are two kinds of people when it comes to entrepreneurship and regulations. There are people who go all gung-ho and do what they want and ignore the law as much as they can get away with. And there are people who are so scared of things like laws that they never become entrepreneurs. I don't see much of a middle ground in practice.