Welcome to WebmasterWorld Guest from 18.104.22.168
More specifically, a site's use or not of HTTPS cannot be regarded as PII
Of itself, no, but if PII (which an IP address might be) is transmitted without end-to-end encryption then it isn't secureSure, HTTPS protects PII. But Google's use of it as a ranking factor, per the OP, is not under the remit of the GDPR as it is not itself PII.
I would suggest there is no chance of Google rewarding legal compliance on it's own merits, as is does not improve relevancy.
I will not be surprised if the EU requests Google show in SERPs GDPR risk bearing websitesInteresting thought. But surely that would be jurisdictional overreach?
are you changing your linking policy