GDPR isn’t stupid, it’s a sad necessity because “the industry”, as you’re demonstrating so aptly, proved itself ignorant and straight out hostile to follow existing laws and regulations that already were in place.
And your argument is nonsense - it’s not a problem technically to either use https or use http, the problems arise when you insist on including content over http on a page that is otherwise accessed over https (and sometimes vice versa) and it doesn’t exactly help that the entire “certificate thing” apparently is something you haven’t quite managed to wrap your head around, so we sometimes get certificate errors on _other_ sites because of banners and ads loaded from your sites, that very often have wrong CN or missing alternative DNS hostnames in them, or have expired etc.