Nobody said that. If you tell your software on your machine to leak your credentials, then yes it should. And since it's your data and you're the one telling it to do it, I'm reasonably confident that gdpr says that's completely above board. (Like, I'm no lawyer so take with appropriate grain of salt, but it's generally described as saying that you have to have user permission to do things with data, which the user agent acting on your orders very much does have.)