I feel GDPR drew a good line: Any information that can be used to directly or indirectly identify an individual needs a legal reason, one of which is consent.

Is the information you collect unusable for directly or indirectly identifying an individual? Go wild! :)