Once again, I'm amazed some HN readers, like yourself, are unfamiliar with the basic tenets of the GDPR. (Hint: A company cannot provide a service on the condition that you provide unnecessary personal data or consent to spying)

If you work in a tech field, there is simply no reason for such ignorance.

It's adorable that you think every company actually abides by these rules. There have been class action lawsuits recently against the largest tech companies. Why wouldn't the smaller ones break the rules too?

It's akin to cheating in financial markets. Hedge funds will gladly commit fraud or other cheating methods as long as the fine is less than the income gained.

The GDPR doesn't impact a lot of companies, if you are acting on behalf of a customer who is the actual data processor for instance.