If a website is claiming legitimate interest in data collection in a way that is unbelievable is there any action that a web site visitor can take?
For example, if one was to visit The Daily Mail you will be presented with a cookie consent lightbox, and the first of the "Special Purposes" (that you cannot opt out of) is "Ensure security, prevent fraud, and debug", and there is a list of 389 Vendors that "rely" on this purpose. This list includes HUAWEI Ads (with a broken privacy statement), IntelliAd (which lists its products under the categories Performance Marketing Suite, Search, Tracking, E-commerce), Clever Advertising, FanDom and multiple sites that are blocked by uBlock Origin.
Now I suppose it is possible all these organisations are actually involved in providing security, but it seems unlikely. If one was concerned that they making false claims, and so processing personal data with neither consent or legitimate interest, what action could one take? I am thinking of making a SAR to each of the 389 vendors listed, requesting the exact details of their use of my PII for security, but I am not sure that they would be required to provide anything useful.