[relics443]

Yes. Besides for the administration costs incurred (which is probably the real killer), the list of death points are:

1. Adding a dialog as the first step in an onboarding funnel that's already difficult to get users through

2. Handling non-consent. WTF! So if the user doesn't give consent to something that 99% of the population doesn't understand, I'm not allowed to prevent them from using the app. And so my engineering team needs to waste critical hours figuring out things like how to deal with crashes, or maybe how in the fuck we're supposed to fallback to not using services that we're built on (e.g. Firebase)!

3. Dealing with the fallout of #1 in the form of bad reviews that are the kiss of death to startups

[DmenshunlAnlsis]

Handling non-consent. WTF! So if the user doesn't give consent to something that 99% of the population doesn't understand, I'm not allowed to prevent them from using the app.

This is like a living, breathing example of why GDPR had to be written the way it was, so that arrogant techbros couldn’t rationalize their way around to screwing everyone over for a quick dollar. It’s also a perfect example of why you get zero sympathy. “But maaaa, it’s hurting my funnel!” Good.

[relics443]

Did you read any further? If I can't prevent them from using the app, then I have to solve an impossible problem. Namely providing a fallback for core services that the app is built on.

[Maarten88]

You do not need any consent for essential services. But you do need to make sure that those services do not sell your users personal information to third parties, and make sure you can comply with other GDPR requirements (right to be forgotten etc) by getting a data processor agreement with that core service. You are responsible for what your suppliers do.

If you would have built your whole app on "free" services for which your users pay with their personal information, that would be problematic under GDPR. And rightfully so.

[relics443]

So now the EU is in charge of how I decide to build my app, and is trying to dictate what suppliers I can use?

What if I decide that crash reporting is an essential service (it is), and the EU's lawyers decide that it's not? Who is going to pay my legal fees, and potential fine? I should be on the hook because some schmuck uses a service that I provide for free (which essentially means I'm paying for it with my time), and is upset that I may not be handling his data in the way that the EU says I should be? The sane solution would be to allow me to tell this individual that he cannot use the app if he doesn't consent. But here comes the EU telling me that I must allow him to use the app.

[Maarten88]

> So now the EU is in charge of how I decide to build my app, and is trying to dictate what suppliers I can use?

No, the EU only stipulates that you are not allowed to sell, leak or otherwise slander personal data from EU residents without their freely given consent, and makes you liable for that.

IANAL, but I think there is no reason to fear too much, though I would stay on the safe side regarding interpretation. And remember that anybody can report you for anything to the authorities, or sue you already; if you are prosecuted you'll have to pay your legal fees and fines whether it's about GDPR or not.