It will be combined and linked on its route through many processing hops in many countries up to your database. This is where your consideration has to start. Btw, this is also where the legal perspective has to start. What I read so far, breaks with the GDPR guidelines you elaborated yourself above (GDPR does not just apply to the actual database at the end but also the preceding stages). Users with related obligations will have a problem… (and others justified worries, not just about breaking GDPR but also about the reasons why it is broken).
I would need to trust many servers in between, which are likely to be several within the US. This is already something many will not be allowed to trust in (if they process themselves GDPR data), and many will not want. Afaik, you will be obligated to retain the capability to decrypt any cryptography on the path in between, right? (Feel free to correct me here since I have not kept myself up to date in this respect for a while). That’s a major reason why bringing personal data into the US is already a violation of GDPR (be for or against it, but you cause issues to users, which creates negative incentives to them). You cannot limit the scenario to your database so that it fits your preferences. You seem to want to produce data that can create personal profiles when put together, but you reject to care for everything before your database. And this is where my trust has ended.
That said, whatever is done, users must be explicitly asked if they want it (may it be with the button set by default to true or false). And they must be able to click on an explanation that offers more clarity than the proposal. Everything else can create unforeseeable backdrafts, trust-losses and perceptions but also abuse (because only a small part of the community will factually be aware and thus rationally care), in many respects.
This proposal does not tell much details but wants approval. I am not sure if that can be called transparent. At the same time, Ubuntu ensures GDPR through servers from within GDPR area. This already gives many some basic security. I’m not arguing that their approach is better or worse, but generally arguing that ours is more careful and more transparent seems a little far fetched.