Does not sound like they disable the call-home address book upload anti-feature by default, and would only do opt-in for specific queries, instead of bulk data uploads.
Is this their “solution”?: Continuing to let all installed clients contact their servers, but now enforcing personal authentication for their central vector services, requiring acceptance of their “privacy policies”?
Could the PR matierial not sound like PR material, if the goal would be to develop a protocol that would not require to accept any external privacy breaching policy?
Could another protocol, instead, promote a default no-data-collection policy for clients and homeservers?
Maybe requiring something like some form of “tainted” flag if a home server or client wants to do data-collection that requires to be accepted to comply with the GDPR?
Maybe a way to implement this might be some form of a GPL+data-sufficiency copyright?
EDIT: Or is the GDPR already sufficient?