Per GDPR, nearly anything you for which you get consent is legal. As your quote shows: a purpose must relate to a legal basis, and one of the legal bases is consent.
Was there actual consent? Unlikely, but I can't read the German in that clip explaining what's going on with these companies.
> Per GDPR, nearly anything you for which you get consent is legal.
I think this requires qualification. There are a bunch of cases where consent is not considered valid, and there are requirements on being explicit about what you're getting consent for.
> If the data subject’s consent is given in the context of a written declaration which also concerns other matters, the request for consent shall be presented in a manner which is clearly distinguishable from the other matters, in an intelligible and easily accessible form, using clear and plain language.
In other words, burying consent in a 10-page EULA probably doesn't float. The subject can withdraw consent at any time. This must be easy to do.
And more importantly, see Article 6 - you can't just get consent for "monitoring your children" and then use the data for unrelated things that you claim are part of that task.
In this case the only way you could be compliant is if you had a pop-up that says "we'd like to sell your location data to other companies (listed here). This isn't required to offer you our location tracking service. Do you give consent? Y/N". In which case the story would not be news, as everybody would be aware that this is what the app does.
> In this case the only way you could be compliant
This is overstated. Yes, consent must be clear. But it doesn't have to be a popup; merely clear.
And you would probably be legal to require users to pay more to avoid data collection -- there are conflicting cases from the ICO / washington post case and the Austrian DPA / derStandard.at case.
Was there actual consent? Unlikely, but I can't read the German in that clip explaining what's going on with these companies.