
Why are hash functions (e.g. SHA-3) so complicated when GCM apparently provides secure hashing and has a relatively simple construction?

Is this purely about speed? I imagine that GMAC with a fixed key (GCM mode without ciphered data) is much slower, if you just need a key-less hash.

conchild

2 Answers


GCM does not provide secure hashing. In general, a MAC has all the properties of a hash only against an adversary who does not know the key. If you want to use the function as a hash then the key has to be public, and then a MAC is not a secure hash. With most common MAC constructions other than HMAC, if you know the key, you can easily construct, at least, a second preimage.

For example, look at how the authentication tag GHASH of GCM is calculated. I use the notation from the Wikipedia article; the plaintext is $A_1A_2A_3\ldots$ (split into blocks), $H$ is calculated from the key (so it would be some public constant to use GHASH as a hash) and the $X_i$ are calculated incrementally to produce the hash (so if $X_i = X'_i$ for some $i$ and two different messages then the hash will be the same). $$ \begin{align} X_0 &= 0 \\ X_1 &= A_1 \cdot H \\ X_2 &= (X_1 \oplus A_2) \cdot H = ((A_1 \cdot H) \oplus A_2) \cdot H \\ \end{align} $$ Let $A'_1 = A_2 \cdot H$ and $A'_2 = A_1 \cdot H$. Then $A_1A_2A_3\ldots$ and $A'_1A'_2A_3\ldots$ are (assuming that $A_2$ didn't happen to be equal to $A_1 \cdot H$) two distinct messages with the same hash (and the same length, incidentally). And that's just from a trivial computation; with a bit more work, first-preimage resistance can be broken too.

mat

GHASH/GMAC is a secure MAC which has different security properties than a generic hash construction; contrary to your assumption, it is not a secure hash.

For example, if you use GHASH/GMAC with a known key, the scheme would be trivially vulnerable to a length extension attack.

mat
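The following is an added example, written for this page and not taken from either answer, that makes both answers concrete in Python. It implements GHASH exactly as NIST SP 800-38D specifies it (GF($2^{128}$) with the bit-reflected block convention) but treats the key $H$ as a public constant, which is what "using GHASH as a hash" would mean. `SAMPLE_H` is the $H$ that GCM derives from the all-zero AES-128 key, so the implementation can be checked against the GCM test vectors; any nonzero constant works the same way. The block then builds the second preimage from the first answer, a first preimage for an attacker-chosen tag, and the length extension the second answer mentions. One caveat on the first answer's construction: with the notation above, the pair that actually makes $X'_2 = X_2$ is $A'_1 = A_2 \cdot H^{-1}$ and $A'_2 = A_1 \cdot H$, since then $A'_1 \cdot H \oplus A'_2 = A_2 \oplus A_1 \cdot H$; the code uses that pair and checks the collision rather than taking it on faith. All messages and the target tag are constructed for the demo.

```python
# Added example (not from either answer): GHASH per NIST SP 800-38D with the
# key H treated as a public constant, plus the forgeries that follow from that.
# SAMPLE_H is the H GCM derives from the all-zero AES-128 key (GCM test vector);
# any nonzero constant would do.

R = 0xE1000000000000000000000000000000  # x^128 + x^7 + x^2 + x + 1, bit-reflected
ONE = 1 << 127                            # multiplicative identity in GCM's bit order
SAMPLE_H = 0x66E94BD4EF8A2C3B884CFA59CA342B2E


def gf_mul(x: int, y: int) -> int:
    """GF(2^128) product of two blocks held as big-endian 128-bit ints (SP 800-38D Alg. 1)."""
    z, v = 0, y
    for i in range(128):
        if (x >> (127 - i)) & 1:            # bit x_i, counting from the left of the block
            z ^= v
        v = (v >> 1) ^ R if v & 1 else v >> 1   # v <- v * alpha, reduced mod the polynomial
    return z


def gf_inv(x: int) -> int:
    """Multiplicative inverse x^(2^128 - 2) by square-and-multiply; x must be nonzero."""
    assert x != 0
    result, base, e = ONE, x, (1 << 128) - 2
    while e:
        if e & 1:
            result = gf_mul(result, base)
        base = gf_mul(base, base)
        e >>= 1
    return result


def blocks(data: bytes) -> list:
    """Zero-pad to a multiple of 16 bytes and split into 128-bit ints."""
    data += b"\x00" * (-len(data) % 16)
    return [int.from_bytes(data[i:i + 16], "big") for i in range(0, len(data), 16)]


def length_block(aad_len: int, ct_len: int) -> int:
    """GCM's final block: 64-bit bit-length of the AAD, then of the ciphertext."""
    return ((8 * aad_len) << 64) | (8 * ct_len)


def ghash(h: int, aad: bytes, ct: bytes) -> int:
    """X_0 = 0, X_i = (X_{i-1} xor A_i) * H over AAD, then ciphertext, then the length block."""
    x = 0
    for a in blocks(aad) + blocks(ct):
        x = gf_mul(x ^ a, h)
    return gf_mul(x ^ length_block(len(aad), len(ct)), h)


def second_preimage(h: int, aad: bytes) -> bytes:
    """A different AAD of the same length with the same GHASH (ciphertext empty).
    A'_1 = A_2 * H^-1 and A'_2 = A_1 * H give A'_1*H xor A'_2 == A_1*H xor A_2, so X'_2 == X_2."""
    assert len(aad) % 16 == 0 and len(aad) >= 32
    b = blocks(aad)
    b[0], b[1] = gf_mul(b[1], gf_inv(h)), gf_mul(b[0], h)
    return b"".join(v.to_bytes(16, "big") for v in b)


def first_preimage(h: int, prefix: bytes, target: int) -> bytes:
    """Append one block to an attacker-chosen prefix so the AAD GHASHes to target.
    tag = (X_n xor L) * H  =>  X_n = tag * H^-1 xor L  and  A_n = X_n * H^-1 xor X_{n-1}."""
    assert len(prefix) % 16 == 0
    hinv = gf_inv(h)
    x_prev = 0
    for a in blocks(prefix):
        x_prev = gf_mul(x_prev ^ a, h)
    x_n = gf_mul(target, hinv) ^ length_block(len(prefix) + 16, 0)
    a_n = gf_mul(x_n, hinv) ^ x_prev
    return prefix + a_n.to_bytes(16, "big")


def length_extend(h: int, tag: int, aad_len: int, suffix: bytes) -> int:
    """GHASH(aad || suffix) from GHASH(aad) and len(aad) alone, without seeing aad:
    undo the final multiply to recover X_n, then keep absorbing."""
    assert aad_len % 16 == 0
    x = gf_mul(tag, gf_inv(h)) ^ length_block(aad_len, 0)
    for a in blocks(suffix):
        x = gf_mul(x ^ a, h)
    return gf_mul(x ^ length_block(aad_len + len(suffix), 0), h)


if __name__ == "__main__":
    msg = bytes(range(48))  # constructed 3-block sample AAD
    forged = second_preimage(SAMPLE_H, msg)
    print("second preimage collides:", ghash(SAMPLE_H, forged, b"") == ghash(SAMPLE_H, msg, b""))
    pre = first_preimage(SAMPLE_H, b"attacker chosen!", 0xDEADBEEF)
    print("first preimage hits target:", ghash(SAMPLE_H, pre, b"") == 0xDEADBEEF)
    ext = length_extend(SAMPLE_H, ghash(SAMPLE_H, msg, b""), len(msg), b"extra")
    print("length extension matches:", ext == ghash(SAMPLE_H, msg + b"extra", b""))
```

Every forgery above needs only a GF($2^{128}$) inversion, which is cheap once $H$ is public; in real GCM the same algebra is what lets an attacker recover $H$ from a single nonce reuse, which is why the key (and the nonce) must stay secret.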