Well even with internet they couldn’t legally collect any user data without an explicit permission let alone sell it to third parties.

You mean just like websites need to ask for consent for nonessential data processing and about a hundred and fifty different ad networks are forced enabled as legitimate interest in the consent screen?

Seems to me that GDPR wasn't strong enough to actually beat adtech