
Ok, we are going in circles. It depends on the context


Context has nothing to do with it. IP addresses are specifically called out in the GDPR as being one type of personal data. The fact that you're repeatedly using "PII", an American term, indicates that you are viewing this from an American point of view.


Ok, it was my mistake to call it PII. My intent was to make a distinction between user data that is collected and that needs to be given consent from the user to be processed by the service you are connecting to, and the further point is that no service is required by GDPR to ask the user "is it okay to log the IP from your request?" and that is the part that I am saying is context-dependent.


Again, it is not context-dependent. I suggest you educate yourself further on the GDPR, specifically the six legal bases upon which processing can occur.


The "six legal bases which processing can occur" ARE the context that I am talking about.

I suggest you let go of the pedantic posturing, and if you really think that GDPR has any way to actually stop these new actions from the EU telcos, go ahead and initiate legal action against them.


Your original claim was:

> GDPR has nothing to do with it.

This is false: if they use the IP address to match the website visitor with the ISP customer, GDPR is very much relevant as GDPR restricts the use of personal data (including IP addresses) like this.


It restricts when it is meant to be correlated with the other data they collect from you.

The networks are in the clear.


Do you disagree with the official link I gave? If so, can you provide a more reliable reference to your reading of the law?

Also, as far as I know, PII is a US concept and appears nowhere in the GDPR.


The reliable reference I can give you is the legal team from the company I was working for, who had to deal with all this shit and in the end said that session logs with IP addresses did not count as user data and therefore need not be listed as part of "user collected data" in our privacy policy.

Another way that I can argue for this interpretation is simple: if you want to connect to a hotspot in Germany, no one asks you if you opt-in to sharing your IP addresses. These, by themselves, are considered "required information to appropriate service" (or something equivalent in legalese).

The third argument I can give is a bit circular: if GDPR had any way to rule this illegal, it would already have been met by huge outcry from the proper privacy NGOs. If it has gotten to the point where the companies are announcing tryouts, it means that the networks are confident enough that they are (at least in regards to GDPR) legally in the clear.

All in all, I hope that people crying for regulations and government intervention could understand once and for all that the laws that get approved are never going to do what they wished they did. I already got into plenty of arguments here with people that believe that GDPR is effective to protect users, but this is just yet another example of regulatory capture.


Thank you for expanding on your point and your context.

1. Courts and legal teams don't always agree. Also, privacy scenarios are nuanced: when something falls under GDPR, it's not automatically illegal and you don't necessarily need to ask for consent either or even list it in your privacy policy. You need to read what the GDPR says and see whether you are within the lines or if you need to adapt your business model, processes, tech and/or disclaimers.

2. Connecting to a hotspot does not automatically mean collecting or sharing your IP address: Yes, a hotspot needs to store the DHCP lease while it's active and the MAC address while there's traffic, but GDPR often allows such processing that is limited to what is technically necessary and obvious. It would be different if the hotspot stored the data for a longer time, shared it with third parties and/or used it for other purposes. Selling data without user consent is typically illegal.

3. We don't know enough about these tryouts to assess how they plan to align with GDPR: perhaps they'll ask for consent, perhaps they don't use IP addresses, perhaps they plan to bargain a deal with the governments or pay the fines.

4. We need effective laws and luckily some laws are effective. Privacy laws and GDPR are somewhat unsettled and the ultimate effects remain to be seen, but EU courts have already ordered some significant fines in cases that have made sense so I'm still optimistic.



