Is this really insane about the GDPR though? My experience is that companies go out of their way to make their GDPR compliance as malicious as possible, hoping that people will blame the law, not the shady practices of the company. They did the same with the cookie banners as well, and were very successful on that front.