The “legitimate interest” provision in the GDPR will not save behavioral advertising and data brokers from the challenge of obtaining consent for personally identifiable data. As previous PageFair analysis illustrates, personally identifiable data (PII) will become toxic except where it has been obtained and used with consent once the General Data Protection Regulation is applied in May 2018. Even so, many advertising intermediaries believe that they can continue to use PII data without consent because of an apparent carve-out related to “legitimate interest” contained in the GDPR. This is a false hope.
In a year and a half, new European rules on the use of personal information will disrupt advertising and media across the globe. Here are the three biggest impacts. Since 1996 when cookies were first repurposed to track users around the Web there has been an assumption that gathering and trading users' personal information is the essence of advertising online. This is about to change.