I'm a developer of a mobile indie game and it's not true. Just to get started you need to implement tons of third part SDKs like Meta Ads, AdMob, Google Analytics, etc. These require actual handling of player choices, data sanitation etc. disregarding the loss of revenue with not being able to serve personalized ads, or even ads at all to large segments of players. And I'm talking about strictly optional rewarded ads.

These already harmed a lot of small mobile game companies, while the bigger mobile companies had much better means to deal with these.

I personally paid over $10K for different services just to comply, disregarding the loss of revenue over this compliance.

> The GDPR is almost trivial to comply with if you’re not harvesting data willy-nilly.

I buy a VPS. I apt install nginx. Is it okay that by default, opening http://IP/index.html logs the IP address to /etc/log/nginx/access.log? Maybe yes, maybe no, maybe yes but I need a privacy policy (for an empty index.html). Maybe I need to ask a lawyer (who usually errs on side of caution) because people have been arguing about it for 10 years (and please don't answer here). And in the end, even if I didn't need to do anything, it sure is _some_ nonzero drain of my resources to have think about it at all (completely ignoring whether it's justified or not).