What they say in official text is not automatically what they actually do. Example: maybe they dont sell data to Facebook, but to a middle-man company. And this company sells to Facebook. Disclaimer texts are shady things!
that would also be illegal under GDPR. Not to mention it's a misunderstanding about how Facebook works. Facebook does not sell data at all, they sell ad-space based on their own data.
not sure what the relevance here is. That user is complaining about not getting network data from Facebook which may not be covered by GDPR, rather than his personal data he stored on the service.
However giving your data to third parties without your explicit consent is without a doubt a violation of GDPR.