GDPR forces Opt-In these sites use Opt-Out mechanisms and save a lot of PII Data that can clearly connect to a real person.

These companies were in violation of the Bundesdatenschutzgesetz. It mandates information minimization which many fail to adhere to. The problem is more with enforcement, which was (is) weak. GDPR in fact is seen more lax (by our privacy prtection authorities) than the Bundesdatenschutzgesetz but it has more teeth.