Michael, I have read your numerous posts in other questions relating to GDPR and elsewhere. Please tell me what is different about an unauthorised biography of a living person and/or a person publishing a family history that is available in the library containing the names and details of living people, and publishing the same information on Wikitree? Aren't they either all illegal or all permissible? Why does the method of publishing make any difference?
With regards to your other comments elsewhere on the subject, I respectfully disagree with your position, about living people being unlisted, and see nothing wrong with publishing the name and relationship of a family member, including a full date of birth which based on the former setting of "private but with public family tree" only actually showed a decade. Eg Andrew Hunter, born 1970s. I don't believe this contradicts the "we respect the privacy of others" in the Wikitree pledge because given the information that is presented to the (i) public and to (ii) other Wikitree members is very limited, I really don't believe that most people would mind this amount of information to be shared with others. Living people post all kinds of stuff about themselves on Facebook and LinkedIn etc., and yes, before you write back and say, that's them supplying their information, not a researcher entering information on their behalf, I get that there's a difference, I'm only saying this because there are a lot of people who do not seem all that concerned with having any of their personal details available for anyone who knows how to search for them.
Please explain why knowing there is someone called Andrew Hunter who was born in the 1970s is so personal, when I can find my entry in the Birth Index for Minor Returns in Scotland, by simpling creating a free account with Scotlands People, and I can find my cousins' birth entries on the Freebmd website in 1976 and 1978 respectively. I honestly fail to see what anyone could do with such information because it's incomplete and not sufficient to commit ID fraud, and why is it any different to a list like an electoral roll or a telephone directory?