My understanding was that Gitlab wanted to collect your data to improve their product.
Gitlab could have collected anonymous data, with opting out of collection as the default, and promised not to sell it if they seriously believed it was about improving their product. Plenty of products record telemetry data only if you opt in to the program. Users understand and often accept that. That approach would have generated fewer headlines.
opt-in telemetry does not allow you to draw statistical conclusions because your data is skewed/incomplete due to selection bias. This is why developers are so intent on opt-out, it ensures that they have more accurate data to drive their roadmap. Clearly there are going to be privacy concerns with this, so they really need to minimize how much identifiable information they collect, and then communicate to users what will be collected, how it can be used, and who will have access to it. Gitlab seems to have jumped the gun and skipped over much of this part of the process, which sparked a justified backlash, but I don't fault them for wanting opt-out telemetry.
Opt-out is not a reasonable approach to telemetry, end of story. It's perfectly understandable how problematic that is for statistics, but statistics never trumps the fact that your software should not snoop without your permission.
No amount of vague promises over how good you will be and how nice you'll treat your users' information should be enough to make this acceptable. We have a huge body of evidence informing us that trust is a fundamentally bad idea when it comes to a corporation.
Gitlab could have collected anonymous data, with opting out of collection as the default, and promised not to sell it if they seriously believed it was about improving their product. Plenty of products record telemetry data only if you opt in to the program. Users understand and often accept that. That approach would have generated fewer headlines.