by matthewmacleod 2592 days ago
Okay, I think we've been talking at cross-purposes, and you're arguing that (in the case of free-to-view sites) targeted advertising is a "legitimate interest". Here is the situation as I understand it:

1. Companies can offer services which exploit personal data as part of their commercial business plan.

2. That collection must be reasonably described as a "legitimate interest" for the purposes of establishing a lawful basis for processing under the GDPR.

3. The "legitimate interest" in this case must be such that the site could not reasonably operate without targeted advertising, in order for explicit consent (and the associated option to opt-out) to not be required.

If I understand you correctly, then I agree that if you can construct a valid "legitimate interest" in this vein then you could reasonably require visitors to accept targeted advertising, without it being a GDPR violation. It wasn't clear from your argument that this was what you were saying – statements like "you cant force companies to provide a service at cost to them" are simply not accurate, because it is entirely reasonable and common that regulations require companies to provide services with certain conditions attached (indeed, the GDPR is one of these when you are operating on the "lawful basis" of consent). And further, it is entirely feasible for a regulation to be incompatible with an existing business model, such that a company would no longer be able to offer a service at all (if, for example, TechCrunch were unable to make enough income through non-customised advertising).

However, this position is _far_ from being as clear as you seem to suggest. It is heavily disputed whether or not "online behavioural advertising" constitutes a "legitimate interest" under the GDPR. There are several outstanding complaints on this matter and the question of whether or not OBA can constitute a "legitimate interest" is not at all settled.