You pretend to care about consent and privacy and then mention my daughter by name here. You’ll notice I share photos and details about my daughter from accounts on servers I control. There is an implicit agreement in the fediverse to respect people’s privacy. I obviously don’t rely on that implicit agreement because some people do unethical things as demonstrated in your post. I protect my daughter from legitimate online privacy and security threats, I don’t play privacy and security theatre.

This vending machine is taking biometrics off of everyone who walks past

You have no evidence of this and there is no mention of this in the article. This also doesn’t make any sense from an implementation perspective.

GDPR doesn’t apply in Canada unless you are trying to operate business in Europe.

You’re correct that GDPR doesn’t apply in Canada, it’s just that GDPR is usually the strictest compliance so it’s usual for companies to meet that compliance as a minimum.

Compliance only matters if you can’t afford a fine.

GDPR fines can be tied to global revenue.

When your beliefs don’t align with the facts, consider changing your beliefs instead of doubling down on your opinions, making things up, and doing unethical things. Please try better.