The Python Software Foundation on European cybersecurity

That's a good story, but the issue is really one of education. Basically, the law with respect to business/consumer relationships is that the default options are the best for the consumer. If a business is trying to get you to sign up to some legalese, there is really no way that can be advantageous to you.

With bigger companies like telcos, energy providers, ISPs, etc their terms of service are generally lodged with the chamber of commerce and consumer organisations are all over them making sure there's nothing crazy in there.

In your story, if all they were doing was collecting signatures to be able to demonstrate support, then they wouldn't need to ask permission under GDPR, because you only need to ask permission for processing that is not required for the service being provided. So the fact they're asking permission is a big red flag saying they're going to do dodgy stuff with your info.

So really, we need to teach people that if someone on the street is trying to get you to read pages of legalese, WALK AWAY! If you're at the checkout of a supermarket and suddenly they pop-up a form agreeing for them to use your payment info, that's a big fat red flag.

With respect for enforcement, I think the EU Small Claims procedure[1] would be appropriate here. It's a purely written procedure, though might get a bit cumbersome if translations are required.

[1] https://europa.eu/youreurope/business/dealing-with-custom...