[matijsvzuijlen]

Item (f) in that same Article 6 can be applied to collect data without explicit consent:

(f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

[microtonal]

IANAL, but privacy regulators in various countries (but also the GDPR) have been fairly explicit that this cannot be used for blanket collection of data. E.g. GDPR recital 47 states that there must be a reasonable expectation of the data subject that such data is collected, e.g. because they data subject is a client (in the non-technical sense) of the controller. The purpose for the collection should be specified and properly communicated. Also AFAIK all the rights of the data subject are retained. E.g. they can request the data and ask that the data is removed.

General analytics on a website are probably not covered under f, since it is not necessary and not what you’d expect when you visit a website to which you have no customer relation.

There are clear cases where one has to collect data, even without consent, such as fraud prevention.