This is increasingly my suspicion. I'd expect that they could have solved any technical issues around disabling tracking or letting users opt-in/out by now, which leads me to suspect that they have their business model based on being able to share certain data. It's very possible that they've A/B tested GDPR compliant flows/messaging, and found that their metrics/revenue dropped enough that they feel they have to do something more drastic. Although the argument against that is the fact they have literally just disabled access for European users.
GDPR has basically turned the lights on all of the companies doing questionable things with user data. Shutting down or turning off the EU is a huge red flag.
No it’s not. The way big companies are dealing with the GDPR is to ask their lawyers what to do. The lawyers define compliance very expansively since they’re not the ones doing the work and they are the ones who will be blamed if the EU comes after the company. So they say, “every single trace of anything related to user data must be purged.” So the company asks every engineering team to fill out a 200 point checklist about what they are doing with user data.
So, unless you’re saying that “Pinterest’s site reliability team can’t answer question 192 about how user data is deleted from the incident management system logs when an event is traced” is a “huge red flag” then you are exaggerating the issue.