No, I am simply using shortened text not the USA PII legal concept. GDPR has many more restrictions than the USA concept of PII.

To me it seems quite simple, if the information can be used to identify user it is personal information and you need explanation why you need it and opt in. If this is a problem for you, maybe avoid collecting what you don't need. The idea of "collect everything and audio & canvas fingerprint them, maybe I will need it later" wont pass, you will never get consent. Collect only what you really need.