The only sense in which he's "wrong" is as you describe: people won't want to use the software, and it's a bad decision when it comes to making money. He's not wrong on some principles-based reason.
Since GitLab have operations, sales and other employees inside the European Union, and the assertions from the CFO are contrary to European law, he is wrong for legal reasons.
It's strictly illegal under GDPR, the agreement is void as it contradicts the law (you cannot have terms and conditions superseding the law). The policy - "agree to tracking" must be explained and justified, consent must be given (affirmative action by customer/user).
Failing to do that and holding user's data as hostage would be compliance breach. GDPR fines are no joke and set forward to prevent abuse. (up to 20m euro or 4% global revenue) GitLab is no small business any more and a fine would outweight the 'tracking profits'
