Look at the network traffic from the phone while the app is running. You will see traffic to graph.facebook.com on every app launch.
I've just tested it and the latest iOS version of Here Maps as of today does indeed still include the Facebook malware and it's very eager to try and reach outside (dozens of failed connection attempts, looks like it doesn't take "no" for an answer).
Confirmed, on every launch. I think it might be hitting some other undesirables, but FB was enough for me to close the Pi-Hole interface and delete the app. Disappointing, but Apple Maps doesn't suck enough for me to get terribly upset, except for one less acceptable alternative existing.
It would be, but the question is whether the law is being enforced?
As far as I know, you can't directly sue over a breach of the GDPR, and the regulators who are supposed to enforce it on your behalf are unwilling to do so.
I've just tested it and the latest iOS version of Here Maps as of today does indeed still include the Facebook malware and it's very eager to try and reach outside (dozens of failed connection attempts, looks like it doesn't take "no" for an answer).