Its been amusing. You can spot the Americans because they refer to personal data as PII.All PII is personal data but not all personal data is PII.
Its not their fault the GDPR falls between several cracks from their viewpoint of law.
In this particular case it fails because of the "default opt-in checked" on what is no less a fingerprint that has a sufficient set of data to identify individual users. I checked with the UK ICO on this point...
Thanks for playing.