As long as there's no "session identifier," even if unique and completely unmarriable to the PII, it doesn't matter. Any session ID where an ID represents one person runs afoul. Makes meaningful telemetry really hard without consent.
My position is they can indeed get meaningful telemetry with opt-out anonymised data and that the GDPR does not prevent this.
I am countering the position of the parent poster and asking for a citation that would indicate you don't need to sneak this around the EU regulators to do it.
Everyone just consents anyway...