by PeterisP 2017 days ago
If your basis for processing private data is consent, then under GDPR one of the conditions on consent is that consent has to be freely given, it can't be traded for something.

In essence, under EU law privacy is an unalienable right, it's not something that can be freely contractually sold away (alienated) by the users. If you have a contract where users agree to allow you to do whatever with their data because you give them $100 or show some content, then that does not fit the definition for consent according to GDPR, and this contract does not - can not - give you the right to process their data as you wish; that particular clause in the contract is effectively void, the users are "selling" something they can't legally sell.

If some data is required to fulfil your contractual obligations to the user (for example, processing their address to deliver pizza), then that is a legitimate use under GDPR 6.1.b which does not require consent, but if you'd want to use the same data for some other purpose (for example, using that same address for targeting advertising or giving it to a third party) then the contractual need clause 6.1.b wouldn't apply, you'd be stuck with 6.1.a (consent) and that is valid only if it's a genuine free choice without some benefit or service being conditional on providing "consent".

So you technically are allowed to block access to your site to people who don't click a checkbox "I agree to stuff", however, if you do so then clicking that checkbox does not constitute freely given consent, so it can't give you any rights to use the data for any of the people who checked that checkbox, for the purposes of GDPR that checkbox is simply meaningless if access to your site was conditional on it. So the users have the right to (and will) file complaints about illegitimate use of their data right after clicking the "I agree to stuff" checkbox.