It's strictly illegal under GDPR, the agreement is void as it contradicts the law (you cannot have terms and conditions superseding the law). The policy - "agree to tracking" must be explained and justified, consent must be given (affirmative action by customer/user).
Failing to do that and holding user's data as hostage would be compliance breach. GDPR fines are no joke and set forward to prevent abuse. (up to 20m euro or 4% global revenue) GitLab is no small business any more and a fine would outweight the 'tracking profits'
It's strictly illegal under GDPR, the agreement is void as it contradicts the law (you cannot have terms and conditions superseding the law). The policy - "agree to tracking" must be explained and justified, consent must be given (affirmative action by customer/user).
Failing to do that and holding user's data as hostage would be compliance breach. GDPR fines are no joke and set forward to prevent abuse. (up to 20m euro or 4% global revenue) GitLab is no small business any more and a fine would outweight the 'tracking profits'