There's also no personal identity, it's just a cookie if available, used mostly to frequency cap.
Cookies are also not an identity and refreshed very often. Their main use is to cap ad frequency and track conversions over the short-term (hours to days).
Google and Facebook do not provide any personal identifiers. That would be a massive breach of their core 1st party dataset. What little data they did provide is now gone with GDPR.
I don't know what you mean to say about the cookie either, the whole point of this kind of advertisement is to persist associatable data about a person for the lifetime of the cookie.
Cookies are an anonymous identifier, they are specifically not a person. As I said, it's a short-term stable ID used to control the amount of ads shown and track any conversions for campaigns. Adtech companies do not know who you are, only Google and Facebook do.
The fact that cookies are pseudonymous has 0 effect here -- literally their entire purpose is to be able to associate third party data with a person's browser.
Your contention that all they're used for is frequency capping isn't true either, but even if it was, it's not relevant -- "I'm just using it for frequency capping" isn't acceptable under the GDPR, just as much as "I need the data to do advertising" isn't a reason acceptable under the GDPR for keeping a piece of data in the first place.
Here's the text of the GDPR on cookies: https://gdpr-info.eu/recitals/no-30/
