[dantheman]

It's not about treating it correctly, it's about worrying about vageries in the law and complying with them.

Of course information should be protected, but there are all sorts of compliance procedures and processes that significantly increase complexity and cost.

[TeMPOraL]

Asking for consent doesn't significantly increase complexity and cost. The required level of audits to support a world without asking for consent - now that would increase complexity and cost.

And no, not asking for consent and collecting data without supervision is not an option, neither legally nor ethically.

[dantheman]

There is a lot more to GDPR than the consent popup.

[TeMPOraL]

GDPR isn't about the popup, but is about consent, and having to get it to be allowed to process personal data.