[AJ007]

I would strongly recommend reading what Pagefair has been putting. They have been one of the few sources I've found that is take GDPR literally. It isn't even clear what level Google's compliance will be - https://pagefair.com/blog/2018/googles-nonpersonal-ads/

There are a lot of extremely serious questions that arise regarding network security, anti-fraud, and anti-abuse measures. Just looking at basic bot detection measures, all of the sophisticated methods are now illegal. It certainly requires a major re-think of how websites serve content as well as the sustainability of advertising as a revenue channel. I can't even wrap my head around how someone would run a GDPR-compliant dating website/app.

If you think Pagefair's interpretations of the GDPR are correct then Google and others are calling the EU's bluff. They are implementing part of the GDPR strictly but the parts which invalidate their business models are being interpreted more liberally or ignored altogether.

I'm not saying that the GDPR is a good idea, bad idea, morally right or wrong. Rather, a lot of things we have come to view as a given -- such as how we detects bots, fraud, and abuse -- are no longer valid. Infrastructure, both technical and business, will need to be re-designed either to comply with the GDPR or evade it.