It's true though that you need explicit consent for sending PII under GDPR. Whether IDFA is considered PII (I think there are strong hints it is) is up to the jury. More surprising is that Apple is hellbent to defend this when they've only their pro-privacy stance to loose.
