Once again, I'm amazed some HN readers, like yourself, are unfamiliar with the basic tenets of the GDPR. (Hint: A company cannot provide a service on the condition that you provide unnecessary personal data or consent to spying)
If you work in a tech field, there is simply no reason for such ignorance.
Well the article then proves clear violation of those rules. Not only is no consent or notification provided but when the secret data collection is blocked the device gets remotely disabled. Perhaps someone should file a complaint against this company and see if they get fined to death.
It's adorable that you think every company actually abides by these rules. There have been class action lawsuits recently against the largest tech companies. Why wouldn't the smaller ones break the rules too?
It's akin to cheating in financial markets. Hedge funds will gladly commit fraud or other cheating methods as long as the fine is less than the income gained.
If you work in a tech field, there is simply no reason for such ignorance.