Browsing by Subject "Online Behavioural Advertising"

The purpose of the thesis is to assess the compatibility of the business model of providing free online services in exchange for processing of the personal data for advertising purposes, in particular for the Online Behavioural Advertising purpose, with the GDPR. Online Behavioural Advertising is a main way through which the free online services are funded. At the same time large-scale personal data collection and intrusive profiling, the controllers engage into pose significant risks for the rights of the data subjects. Empirical findings show that the companies using such business model oftentimes collect large amount of personal data in violation of GDPR. In addition, the researchers highlight the power asymmetries between the large online platform and the data subjects. Therefore, whether such a business model is compatible with the GDPR from legal perspective is of a particular importance. The first part of the thesis focuses on the lawfulness of the existing data collection practices in the context of the business model in question. The second part of the thesis discusses the profiling and data sharing in the context of such model and the third part focuses on the principles of the data protection by design and by default. The mentioned legal provisions are analysed with the focus on their compatibility with the business model in question. The research found that the business model seems to be compatible with the GDPR in a sense that it is in principle possible to comply with its requirements for the controllers. Such a compliance however would likely lead to a decrease in revenue for the controllers who relied on unsuitable legal basis or who manipulated users into giving away more PD. At the same time such a compliance still would not give the effective protection to the data subjects’ rights due to the lack of more explicit, precise and specific rules in GDPR.