Maybe the data brokers might delete based on the requests, but it seems this is a lot deeper than anything the GDPR could fix as the data would be reuploaded and updated, because the data comes from the “analytics” and “diagnostics” SDKs, being uploaded to data brokers and unified under the advertisement ID from google and apple devices/browsers.

I think this could only be broken by not using the advertisement ID (that was promised to help anonimize the advertisement data) and block all the requests by DNS blocking on the whole device, like with Ublock Origin + Hosts file + pihole/nextdns/adguard, etc.

Edit: also blocking cwsystem.com, cwtapp.com, cobwebsapp.com and subdomains, because they can host malware made from the company that owns this system.