[supradeux]

Ah good question, it depends. So getting a GDPR compliance requires you to not only put that popup, but also disclose what personal information you are storing, to both the auditor and the user. The anomalies arrive when the users are not careful to read those disclosures and the companies take advantage. In our case, we gather only the user emails from Oauth2 media, which we use to analyse user behaviour and improve the product.

And adding to that, any platform in this domain, if it asks for more personal information, is subject to suspicion as to what they use it for.