Yes, the GDPR has rules that very clearly apply to CDNs, hosting providers, and etc.
What is new is that Akamai breaks those rules. I don't know the situation of the other ones you cite.