It's worth noting that GA4 does this already. GA3 (AKA Universal Analytics) requires owners to set the anonymize_ip flag though. I agree that Google should have retroactively changed this policy for GA3 accounts, even if it would cause some breakage.
The English post from CNIL makes it clear it's not just IP that's the issue:
>In this context, a unique identifier is assigned to each visitor. This identifier (which constitutes personal data) and the associated data are transferred by Google to the United States.
https://support.google.com/analytics/answer/2763052?hl=en