Well, consent fatigue is an interesting term. I think it's more a matter that people are resigned to the fact that no matter what they do or don't encounter in a so-called privacy policy, it's irrelevant, because the language that has been allowed—and frankly, embraced—by Canadian, European and other data protection regulators is allowed to be so vague as to be meaningless.
A perfect example is that you'll typically see the introductory fluff, “We respect your privacy,” and then it's, “We will collect your personal information only for business purposes,” and a list of other vague terms. Every for-profit organization's business purpose is to improve their bottom line and their net profit. Anything they can do to fulfill that obligation is a legitimate business purpose, as far as they're concerned. It's meaningless when it comes to protecting individuals. When we say yes to any of these, the companies essentially have carte blanche to share our information with their business partners, whoever they might be, wherever in the world. When it's outside of Canada, those companies do what they wish with it, for as long as they wish.