This depends on what kind of data they're collecting. The most common kinds of telemetry data is not actually particularly useful for that, and usage of it for selling advertising, especially to third parties, would be contradictory to most privacy policies (now how much you trust that they are actually following their own policy is another matter: and dropbox does call out that they may try to use this data to upsell you on their own products).

Nonetheless, the potential is there and GDPR does consider it personal data from the point of view of consent, so dropbox is almost certainly violating the rules here even if they do not sell the data for advertising (as unlike the actual data they store, it is not necessary for providing the service, merely useful to the company for improving their service). Such telemetry almost certainly requires an opt-out, and most likely should be an opt-in as far as GDPR is concerned.