tl;dr: In 2021, the author told Elkjop's DPO that requiring customer club membership as a condition for receiving marketing emails violated GDPR's "freely given consent" rule, but the company refused to change. Five years later, Norway's Datatilsynet fined Elkjop NOK 20M (~€1.8M) for exactly that violation, plus repurposing club data for ad tracking without a compatibility assessment. The author only learned of the outcome via a volunteer-run wiki, and is now pressuring the Swedish DPA over its Article 77(2) duty to keep complainants informed, while preparing civil litigation.