After GDPR was passed I've got pretty much no "legal" spam. "Unsubscribe" links in emails actually work. If they didn't - then companies sending those emails would get huge fines. The only spam that I receive now is from "Nigerian princes", but GDPR can't stop those anyway.
Counterpoint: Google and Facebook are still around and stalking users, and their malicious SDKs (as well as other analytics SDKs) still litter every mainstream app possible with no way to even opt-out (overlooking the fact that such tracking should be opt-in to begin with).