[alkonaut]

Legitimate interest can be for anything (user, business, society as a whole) but it's still highly questoinable whether sharing peoples PII for ads alone is a legitimate interest (It's not clear it isn't either - the text is deliberately vague). What's clear is that you can't show people "by entering you accept to". You have to show them an opt out and if they opt out they need to get a service that is as good as if they opt in. Binary choice shouldn't help - if that has been a judgement it's very dubious imho.

[dogma1138]

No they absolutely do not need to get a service, you cannot degrade a service but you can very much make it dependent on consent, heck you don’t even need consent it just prevents you from having to do an LIA you can simply inform the user of what is going on and allow them the option not to use the service.

I too thought GDPR is much stricter but in reality it’s not. Both the ICO and several continental DPAs including the German one allow for binary choice.