I was going to say no (and I've left my logic below for posterity), but maybe you have a point. The OP can't continue to use Dropbox without giving up some more privacy. They can't even get in to get their data out (although GDPR does take care of that).
Previous logic:
They've asked for permission, been clear about what data they and presumably haven't prechecked anything (because they don't have control over that UI).
I don't think GDPR has any protection about a vendor locking you in and then asking to change the privacy policy.
Exactly. Consent must be freely given to be valid under GDPR. Here is some analysis on what this means by the European Data Protection Board:[0]
“ 3.1 Free / freely given12
13. The element “free” implies real choice and control for data subjects. As a general rule, the GDPR prescribes that if the data subject has no real choice, feels compelled to consent or will endure negative consequences if they do not consent, then consent will not be valid.13 If consent is bundled up as a non-negotiable part of terms and conditions it is presumed not to have been freely given. Accordingly, consent will not be considered to be free if the data subject is unable to refuse or withdraw his or her consent without detriment.14 The notion of imbalance between the controller and the data subject is also taken into consideration by the GDPR.”
Previous logic: They've asked for permission, been clear about what data they and presumably haven't prechecked anything (because they don't have control over that UI).
I don't think GDPR has any protection about a vendor locking you in and then asking to change the privacy policy.