Personal Data Processing for Behavioural Targeting: Which Legal Basis?

• URL: http://arxiv.org/abs/2511.20745v1
• Date: Tue, 25 Nov 2025 18:55:53 GMT
• Title: Personal Data Processing for Behavioural Targeting: Which Legal Basis?
• Authors: Frederik Zuiderveen Borgesius,
• Abstract summary: This paper argues that the cookie consent requirement from the ePrivacy Directive does not provide a legal basis for the processing of personal data.<n>Even if companies could use an opt-out system to comply with the e-Privacy Directive's consent requirement for using a tracking cookie, they would generally have to obtain the data subject's unambiguous consent if they process personal data for behavioural targeting.
• Score: 0.2262632497140704
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: The European Union Charter of Fundamental Rights only allows personal data processing if a data controller has a legal basis for the processing. This paper argues that in most circumstances the only available legal basis for the processing of personal data for behavioural targeting is the data subject's unambiguous consent. Furthermore, the paper argues that the cookie consent requirement from the ePrivacy Directive does not provide a legal basis for the processing of personal data. Therefore: even if companies could use an opt-out system to comply with the e-Privacy Directive's consent requirement for using a tracking cookie, they would generally have to obtain the data subject's unambiguous consent if they process personal data for behavioural targeting.

Related papers

• How to DP-fy Your Data: A Practical Guide to Generating Synthetic Data With Differential Privacy [52.00934156883483]
  Differential Privacy (DP) is a framework for reasoning about and limiting information leakage.<n>Differentially Private Synthetic data refers to synthetic data that preserves the overall trends of source data.
  arXiv  Detail & Related papers  (2025-12-02T21:14:39Z)
• Conformidade com os Requisitos Legais de Privacidade de Dados: Um Estudo sobre Técnicas de Anonimização [3.2268447897914943]
  The aim of this study is to analyze anonymization techniques and assess their effectiveness in ensuring compliance with legal requirements and the utility of the data for its intended purpose.<n>The analysis revealed significant variations in effectiveness highlighting the need to balance privacy and utility data.
  arXiv  Detail & Related papers  (2025-07-24T12:31:28Z)
• PersonaBench: Evaluating AI Models on Understanding Personal Information through Accessing (Synthetic) Private User Data [76.21047984886273]
  Personalization is critical in AI assistants, particularly in the context of private AI models that work with individual users.<n>Due to the sensitive nature of such data, there are no publicly available datasets that allow us to assess an AI model's ability to understand users.<n>We introduce a synthetic data generation pipeline that creates diverse, realistic user profiles and private documents simulating human activities.
  arXiv  Detail & Related papers  (2025-02-28T00:43:35Z)
• Extensible Consent Management Architectures for Data Trusts [0.0]
  This paper proposes a framework for consent management in Data Trusts. Data can flow across a network through "role tunnels" established based on corresponding legal capacities.
  arXiv  Detail & Related papers  (2023-09-28T18:28:50Z)
• Advanced Data Protection Control (ADPC): An Interdisciplinary Overview [0.0]
  The Advanced Data Protection Control (ADPC) is a technical specification that can change the practice of Internet-based personal data protection and consenting. The ADPC supports humans in practicing their rights to privacy and agency by giving them more human-centric control over the processing of their personal data and consent.
  arXiv  Detail & Related papers  (2022-09-20T13:57:49Z)
• Post-processing of Differentially Private Data: A Fairness Perspective [53.29035917495491]
  This paper shows that post-processing causes disparate impacts on individuals or groups. It analyzes two critical settings: the release of differentially private datasets and the use of such private datasets for downstream decisions. It proposes a novel post-processing mechanism that is (approximately) optimal under different fairness metrics.
  arXiv  Detail & Related papers  (2022-01-24T02:45:03Z)
• Decision Making with Differential Privacy under a Fairness Lens [65.16089054531395]
  The U.S. Census Bureau releases data sets and statistics about groups of individuals that are used as input to a number of critical decision processes. To conform to privacy and confidentiality requirements, these agencies are often required to release privacy-preserving versions of the data. This paper studies the release of differentially private data sets and analyzes their impact on some critical resource allocation tasks under a fairness perspective.
  arXiv  Detail & Related papers  (2021-05-16T21:04:19Z)
• Detecting Compliance of Privacy Policies with Data Protection Laws [0.0]
  Privacy policies are often written in extensive legal jargon that is difficult to understand. We aim to bridge that gap by providing a framework that analyzes privacy policies in light of various data protection laws. By using such a tool, users would be better equipped to understand how their personal data is managed.
  arXiv  Detail & Related papers  (2021-02-21T09:15:15Z)
• Second layer data governance for permissioned blockchains: the privacy management challenge [58.720142291102135]
  In pandemic situations, such as the COVID-19 and Ebola outbreak, the action related to sharing health data is crucial to avoid the massive infection and decrease the number of deaths. In this sense, permissioned blockchain technology emerges to empower users to get their rights providing data ownership, transparency, and security through an immutable, unified, and distributed database ruled by smart contracts.
  arXiv  Detail & Related papers  (2020-10-22T13:19:38Z)
• BeeTrace: A Unified Platform for Secure Contact Tracing that Breaks Data Silos [73.84437456144994]
  Contact tracing is an important method to control the spread of an infectious disease such as COVID-19. Current solutions do not utilize the huge volume of data stored in business databases and individual digital devices. We propose BeeTrace, a unified platform that breaks data silos and deploys state-of-the-art cryptographic protocols to guarantee privacy goals.
  arXiv  Detail & Related papers  (2020-07-05T10:33:45Z)
• The SPECIAL-K Personal Data Processing Transparency and Compliance Platform [0.1385411134620987]
  SPECIAL EU H 2020 project can be used to represent data policies and data and events sharing. System can verify that data processing and sharing complies with the data subjects consent.
  arXiv  Detail & Related papers  (2020-01-26T14:30:09Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.