it's not really avoidable.
Absolutely not true. It is not remotely inherent in the technology, it's inherent in the way the technology is currently implemented. It should be no surprised that private interests have implemented it this way, since it gives them the ability to sell your location. The entire online/social media/freemail/goole experience is tailored around divesting you of your privacy, and even today it is completely possible and doable to deny them this.
Addressing your "It's not really avoidable" assertion, the technology isn't just possible, but easily possible to implement in a way that sends no locations outside the device. Apps like Osmand have a downloadable map infrastructure that would be easy to adopt as a subsystem in Android itself. Any time an app or web site wants to show your location, it could invoke this which would require no data outside your device. It wouldn't be hard at all to manage your maps, and wouldn't take up much space on your device.
For people today, you can use Osmand instead of Google Maps, say no every time a web site wants your location, use services like Open Street Map for web access, (which anonymizes all access), and even just kick Google out of your life. If you want, there are even Android alternatives like e/OS (Murena) which takes LineageOS (AOSP made workable) and further de-Googles it. It's not just for resistor-heads and nerd-fests any more, it's getting more and more traction and it's even quite possible to buy phones with it on it. I personally use a Fairphone FP5 running Murena and it is implemented in such a way that stuff just works. It has a Google Play Services replacement that lets 99.5% of programs run, even if you intercept or deny access to Google push. I even have the ability to easily, form the OS level, turn on and off location spoofing, in case there are any bad-player apps that I give location access to.
Don't just give up and roll over. Don't assume it's a necessary evil.
It should, however, be absolutely 100% illegal with severe penalties for all involved to store that data longer than required for billing purposes and 200% illegal to sell.
Here is where we 100% agree. But I would go a step further and impose penalties for even collecting it. I would even go another step further, and pass consumer protection laws that state that no free service can be operated where allowing the operator permission to collect, peruse, and/or share your data is a required component outside of the immediate context of that service. IE: If you offer an email service, they can't predicate it on you agreeing to give your location, and they can't look at your emails. If they offer a map service, they can't store your location, and they can't make you agree to let them as a condition of the service. If that means that we lose a lot of free stuff, so be it. I don't mind killing Google's current revenue paradigm.
We need something, because 14-year-olds don't care what they give away, and by the time they are 19 or 20 they are saying things like what you opened up with.