Most of everyone's main reason was that GitLab was "open source" and also supports free software. As much as they claim to do, I'm afraid that by being partially owned by VCs, they are at the mercy of pleasing those who may conflict with these ideas in favour of adware such a telemetry or ad-tracking.
A very principled move from GitLab to revert this, but I think that GitLab's trusted is damaged due to this.
I think it will bring them under more scrutiny and rightfully so. But this sounds like a misunderstanding, both of the GDPR and user sentiment, enforced without discussion from the top. They responded quickly, humbly, and transparently in reversing the decision. I'm not sure about long-term erosion of trust, although this may harm subscription levels or contract negotiation in the medium term
An employee comment in the relevant merge request indicates that they are already knowing non-compliant with the GDPR. While I applaud their openness I wonder if this will comeback to bite them.
"This is because we suspect that we are not currently in compliance but cannot expressly call out the gaps until the DPIAs are complete. (Actually, by not having the DPIAs, we are, on our face, out of compliance with GDPR regulations.)"
