AEPD are well known, even in the rest of the world. They have a different strategy compared to other countries. Ireland's DPC are also heavy handed, but focus on large companies mostly.

France's CNIL is also not bad. They are particularly hard against things like "you accidentally sign up for x y z services when only wanting to sign up to service A".

Gdpr in the EU is also miles ahead of what the US has, or at least what it has been enforcing for a long time.

Thta's wonderful! Most of europes GDPR/Data protection autohrities are completely worthless and seem to constantly side with big corps.

Only when they start to side with the people, actually fining business billions and billions will things start to change. I hope we'll see this happen in europe at large, and not only in a few countries.