In the end, with DNS you have to trust someone, your ISP, the DoH host, or wherever you get the records for running your own resolver. It's not a "Do I want privacy yes or no?" but rather "Who do I trust enough to make these requests through?"

Personally, I'd trust an entity that is under GDPR more than one that is not.