In Recital 43, the GDPR adds a presumption that consent is not freely given if there is “a clear imbalance between the data subject and the controller, in particular where the controller is a public authority.” Importantly, a controller may not make a service conditional upon consent, unless the processing is necessary for the service. Also, data subjects have the right to withdraw given consent.
they had similar wording to the cookie things. you had to say for what feature the cookie would be used, at the time the user was actually starting use of the feature. advertising? logging in? ....in the end everyone just says "to use this website" and use for whatever (but mostly ads)
gdpr is a nightmare for websites, because of the consent rule.
but guess what is the first thing you with a ISP. You sign a contract. done. it's all legal with gdpr or not.