This is great news! Browser and device fingerprints are clearly PII. So hey, for those of us outside EU, we just need to use VPNs with EU exits, to be covered
Or even easier; use the TOR Bundle and let it reflect the generic bundle fingerprint for all your sites. Don't modify it and be the generic user. Pretty simple and for "paranoids" like me go ahead and run a couple of VPN's in front of the circuit.
This is exactly what GDPR was designed to accomplish. As much as I hate Google and Facebook, one hopes that they will only survive through protecting users' privacy.