This is an incredibly unfair conclusion. Beyond the time it would make it to make the actual technical changes, he's right in saying that GDPR is written in a very ambiguous way that is going to open up the possibility of litigation that smaller shops will not be equipped to absorb. He's made a calculated decision that for him personally it is not worth the additional legal/financial risk to continue operating the business. GDPR is complicated and we dont know what the enforcement side is going to look like yet.
It's really funny because the blog post is far more ambiguous than the GDPR. He cites no specific provision of the GDPR, he doesn't quote the law, all he does is offer up the big scary $20m number.
It's pure FUD.
But since we're throwing out wild speculations it's more than possible this guy was doing something really shady. (He admits to affiliate links which are perfectly fine under GDPR). There would definitely be a market for user data even about who's borrowing what, where. Certainly the vast majority of these "the GDPR killed our free business" are precisely these shady businesses who knew they were dead anyways if they had to actually ask their users for consent in plain language.
