No we don't, and we never did. The whole "GDPR" thing is a sham - unfortunately this is the case in many countries, but especially so in the UK. The ICO is one of the most useless "regulators" I have ever dealt with, somehow even worse than telecoms regulators.

This isn't some sort of subtle and concealed breach of the GDPR that everyone puts effort into keeping quiet. It's blatant, obvious, and in the face of everyone who visits major news websites. If it was enforced, the practice would've quickly stopped.

It's about as subtle as committing murder on live TV. If you don't get arrested for that, it's clear that the law you've broken is not being enforced.

> You should report sites that do that

But let's hypothesize and see what it takes to actually do this:

As per the ICO's requirements, you must first contact the organization that has wronged you and give them time to address your concern.

They have 30 days to do respond, and could extend it potentially indefinitely by engaging in pointless arguments. They could also make technically flawed arguments in how they're not actually tracking you or collecting personal data, and those will successfully work because there's no technical expert on the ICO's side to review it and call bullshit. You need full-time admin staff to deal with these matters.

Assuming you finally get to a stage where you have grounds to make a complaint to the ICO, what are they going to do (if anything)? Well at best they will send a letter, which is not legally binding in any way and will promptly get ignored by the recipient, which is fine because the truth is, both sides are complicit and just want the matter to go away - whether the underlying problem is solved or not is not their concern.

In practice, even if the ICO wanted to act (they don't - don't bite the hand that feeds), what would they do? This isn't a single, small offender, this is the entire newspaper industry. They not only have a lot of lobbying power but outright control the narrative. They know it, and that's why they have no fear putting evidence of their GDPR breach on their homepages.

Are you ready to hire a full-time admin team to do this (and end up absolutely nowhere, except maybe collecting evidence of this "regulator"'s uselessness)?

--

GDPR enforcement in the UK (and sadly in a lot of other countries) is and will remain a sham until the issue becomes politically important. The regulator on its own, even with the best of skill and intentions will not succeed in this battle. The only way I can potentially see this changing is if we see continuous and recurrent data breaches of politician's personal data and dirty laundry, but even then the likeliest solution is a two-tier system where politicians are allowed to have privacy while everyone else doesn't.