If the data was sent as part of normal operation, then yes, it should be fine. But the post above is talking about incrementing an ID in a query, or inject SQL.
The intent of the person doing the incrementing id, or sql injection, is very much required to be taken in to consideration when considering whether it is an illegal act of computer trespass.
Anyone can increment an ID or try to inject sql. 30 years of security practices shows white/grey hat hacking to be a good thing, and should be expected. GDPR even makes poor security finable. Cyberdefence also requires more security expertise, which can only be had from real experience.
"It's fine when the good guys do it", is poor lawmaking. So intent is hard to prove, and not very practical. It also put the blame on the accused, having to prove their innocence.
I find it interesting that people equate information breaches with murder.