I really don't know why people think that the authorities will (or even could) automatically punish each minor infraction with 4 % of global revenue or 20 million €. GPDR article 87 specifies in great detail when fines should be imposed and how their value should be calculated, and the Article 29 WP also has a guideline on that:

https://ec.europa.eu/newsroom/just/document.cfm?doc_id=47889

It is therefore simply not possible for a data protection authority to impose arbitrary or ridiculously high fines as they would never hold up in court.

In an ideal world, yes. But that leads you down a Kafkaesque hole of bureaucracy - at some point you have to stop adding detail and leave things open to interpretation. There are plenty of laws out there with fines "up to €X" and, from my limited experience, I don't think the GDPR is especially ambiguous compared to others.

The law says that the fines should be "effective, proportionate and dissuasive". That gives companies ample room to challenge a fine that is way out of proportion to the damages caused to their users.

If the penalties were exact and written into the law then companies could simply make more from your privacy data than the fine they would have to pay. That would have the opposite effect of the law. Adding a clause that the fine is discretionary gives the enforcer the ability to adapt to this sort of behavior.

> based on the whims of politics and the regulators

Political whims? Maybe in the USA judges and prosecutors and police cheifs are elected every few years and these things are political and can change, but this isn't the case in many EU countries.