GDPR doesn't generally expect “agreement”, so it's not necessary to prevent access by people who don't “agree”. A privacy policy is not a contract, but a unilateral notice about how personal data will be processed. This processing is either legal, or it is not. The GDPR contains various conditions and parameters that determine what is legal. In particular, every processing of personal data needs a clear purpose that is covered by a legal basis. Legal bases can include legal obligations, contracts with the data subject, but also consent (opt-in) or a legitimate interest (balancing test with opt-out).
Large service providers like Google or Facebook have the legal resources to defend themselves, and have a lot to gain from more flexible interpretations of data protection law. So they often end up doing stuff that's not entirely legal.
For example, Facebook is arguing that they're not processing personal data for advertising purposes because they want to – they argued that they have a contract with the user, and they have an obligation under this contract to show ads. So it's really the user's fault, and Facebook is just carrying out the user's wishes. If that is the case, then Facebook would not need consent. It is not yet clear whether this is legal (noyb is currently litigating this “consent bypass” technique).
My assumption is that Facebook's standpoint won't prevail: while parties are generally free to enter whatever contract they like, pre-formulated contracts / contracts of adhesion are generally subject to additional regulation and can't sneak in surprising extra terms. A pre-formulated contract about providing a social media or messaging platform cannot contain non-necessary terms about data use. Instead, consent would be a more appropriate legal basis.
And at least under the GDPR, consent is subject to substantial conditions. Consent must be specific, informed, and freely given. Access to a service cannot generally be made conditional on unrelated consent, since this would make it impossible for a user to freely decide (Art 7 GDPR). (However, it might be OK to give the user a choice between consent and a reasonable payment.) GDPR consent must involve an unambiguous action, and cannot be implied by an unspecific action like “by continuing to use this site, you agree …” or by checking a button “I have read and understood the privacy policy”. If consent was obtained in an invalid manner (such as by pressuring the data subject, or making it impossible to decline), then data processing activity that was covered by the consent legal basis is illegal, risking fines under the GDPR.