These cookie notices are also almost invariably violating the GDPR. There must be a clear choice, and if you choose not to be tracked, you must be able to still use the service unimpeded; then there must be a clear and understandable description to the intents of data collection; and lastly, the opt-out choice must be accessible equally simply as the opt-in choice (none of this "Accept" vs. "Manage options" bullshit.) For example, one of the very few larger pages where I've seen it done right is Wikia/Fandom.
> Am I allowed to offer users additional functionality in exchange for access to their data?
In a way, yes, but you're phrasing it in a roundabout way. You can ask for personal data to enable additional functionality that requires that data. For example, you're allowed to ask for location if you want to show them some offers nearby. They are allowed to refuse and in that case they cannot use the particular function that's tied to their realtime location. If they've given permission to use their data, you, however, are not allowed to use that location data for any other purpose other than what they explicitly agreed to and what's actually needed to provide the service. I.e. you can ask for the location to provide a location based service but you don't need their age and income data; also you cannot use their location for other purposes they aren't informed about. And you certainly aren't allowed to sell it to someone else without an express permission.
In short - you need a clear and explicit permission for specific purposes, and you cannot deny access to those parts of your service that don't require personal data.
So, what you're telling me is that GDPR actually limits my rights as a private citizens because that think I'm too stupid to make my own decisions? I guess I shouldn't be surprised.