GDPR has a massive exploit where you can do whatever you want as long as you declare it "legitimate interest".

That must've escaped all of the legal teams of all the companies that have been fined. GDPR's biggest problem is its general lack of enforcement. Companies can still get away with just about anything because the overwhelming majority of violations are never investigated.

Unfortunately, future of GDPR is uncertain: https://noyb.eu/en/eu-commission-about-wreck-core-principles...