IANAL but this discussion of the topic seems to indicate that you are correct if any SuperHuman users send emails with invisible tracking pixels to anyone in the EU.
‘Massive’? I’d be surprised if they have anywhere near the incidents of tracking pixels that a bog standard small ad network has.
No one will be able to tell accurately until a ruling comes down but I believe this is a gdpr violation but one they won’t be fined for if they do basic location filtering for their tracking pixels.
I was thinking, massive is the sense that any (business) user of the service might be considered in breach of GDPR for obtaining personal datan without consent.
