The ambition is cool, but the reality of a sweeping sector-wide law with extraterritoriality is it just makes the lawyers rich. No sane business is running a Matomo instance with high privacy settings and hoping for the best.
The objective of the law is to put an end to the current "Wild West" attitude when it comes to data privacy, and the only reason it hasn't (yet?) had the desired effects is because enforcement is significantly lacking, so you're seeing the downsides without significant upsides.
There is tremendous value in having the GDPR enforced properly though. Imagine a world where you can actually talk to someone or buy something or without Google or Facebook knowing about it, webpages no longer embedding dozens of third-party trackers, "data brokers" going out of business, etc.
IMO it's actually quite insane that we let the situation deteriorate so badly that something like the GDPR was needed, both from a "do the right thing" perspective (smearing your PII over tons of third-parties with dubious or outright malicious business models is a sign of disrespect for your users, not to mention security liability) as well as legal perspective (some countries already had existing legislation around electronic data processing that predates the GDPR).
There is tremendous value in having the GDPR enforced properly though. Imagine a world where you can actually talk to someone or buy something or without Google or Facebook knowing about it, webpages no longer embedding dozens of third-party trackers, "data brokers" going out of business, etc.
IMO it's actually quite insane that we let the situation deteriorate so badly that something like the GDPR was needed, both from a "do the right thing" perspective (smearing your PII over tons of third-parties with dubious or outright malicious business models is a sign of disrespect for your users, not to mention security liability) as well as legal perspective (some countries already had existing legislation around electronic data processing that predates the GDPR).