The definition of personally identifiable information, as I recall it, is info for which there exists a party that can trace it back to a person. Just because I can't find your name using your social security number doesn't mean that your SSN is not PII, because there exists a party that knows whom this SSN belongs to.

Similarly, it's not as if CGNAT is an anonymisation technology. Crooks would love it: download and upload whatever you want and nobody can ever tell it was you! No, ISPs log who used which IP and port at which time.

Processing the IP address and port number is essential for TCP to work, and even if you don't store it and filter it on your network's edge, it's still covered by privacy law–technically. A judge might not award you damages, but technically the processing (not storage) of personal data is also covered by privacy laws.

Of course, if they don't store it then I would consider it anonymous. The question to me is what they do with the data. But it's not correct to assume that it's anonymous just because you share an IP address with others, or to assume that everyone has CGNAT. Where I live a personal address is the default.