Comment by Nextgrid

Is this an actual problem or is this a typical knee-jerk argument people make when someone is talking about regulation? (despite the current situation being so bad that it's hard to imagine regulation making it worse)

Regarding your specific example, the GDPR appears to deal with it easily: any data processing to comply with the law is allowed and does not require explicit consent. This seems to work well (of course, the GDPR is bad because it't not being enforced seriously, but if it was, the scenario you describe wouldn't be a problem)

Also, when I talk about regulation, I'm talking about regulating the intent and/or outcome rather than a particular implementation. If you track someone without their explicit consent for the purposes of targeted advertising or marketing you are in breach of the regulation, regardless of whether you obtained that data online, in the real-world (mobile phone tracking, facial recognition, loyalty cards, etc), by using Tarot cards or even a fortune-telling goldfish.