Precisely. Isn’t the pulling part exactly what Roon admits to doing here?
Consider what’s being said here:
This implies that they promise to stop not asking for consent, i.e. you have to opt in if you want to know if they access personal data. At the face of it this is not good GDPR practice.