Who to block?
I prefer a simple approach: given that the sites themselves are providing subdomains expressly for this nefarious purpose (and are therefore complicit in any GDPR breach that results), all it needs is a list of such sites. I would rather just block them and take my interest elsewhere.