> completely anonymized data that still identifies unique visitors
That's an oxymoron. If your "completely anonymized data" is unique enough to reidentify unique visitors with reasonable probability then it isn't "completely anonymized" - it's pseudonymous.
That's the problem with all these supposedly GDPR-compliant analytics things - the GDPR outlaws analytics without consent (there's no case law whether it would fall under legitimate interest, but I doubt it), there's no way around it. It doesn't matter what technical means you use (whether cookies, fingerprinting, or a crystal ball) - if your analytics "work" in the sense that you can tell unique users apart, then you are in breach because you are effectively collecting/computing and storing some sort of identifier that can reidentify a user with reasonable accuracy.
That's an oxymoron. If your "completely anonymized data" is unique enough to reidentify unique visitors with reasonable probability then it isn't "completely anonymized" - it's pseudonymous.
That's the problem with all these supposedly GDPR-compliant analytics things - the GDPR outlaws analytics without consent (there's no case law whether it would fall under legitimate interest, but I doubt it), there's no way around it. It doesn't matter what technical means you use (whether cookies, fingerprinting, or a crystal ball) - if your analytics "work" in the sense that you can tell unique users apart, then you are in breach because you are effectively collecting/computing and storing some sort of identifier that can reidentify a user with reasonable accuracy.