[mrweasel]

No... I mean I see your point, but that depends on what data you use to target the customers. Staying with in the boundaries of your own site, tracking what a person is browsing isn't necessarily personally identifiable, so no need to ask.

If you use data that the user actually enter, or their IP for some reason, then yes, you do need to ask, but you could just ask when they are entering the data.

If you want to target based on activities across website, then you'll most likely need to ask, but that's already the case with the cookie law.

You do have me wondering if I'm correct, but I would still claim that if you noticed that browser with the "cookie XYZ1234" read five article related to child and then ask your ad partner for an ad for "people with children" would allow you to be GDPR complaint without any pop ups. It does flip the current ad tech model upside down though.

[zerostar07]

You need (separate) consent to process their personal data for targeted in-house advertising. Thats what facebook/reddit do. If you pass user personalization data to others (such as that they are interested in children) it's the same thing as having personalized tracking ads, you need consent again (and an agreement with that third party).