sure but anyway the data collection is not that important, it is actually the data storage and data deletion parts that are going to make or break a GDPR case.

on edit: better clarify, I mean if you are fingerprinting, but not storing in such a way that you can actually identify someone (although not sure why you would use fingerprinting then) then I don't think there is a case.