> Again, this is all a narrow and militant interpretation of "necessary for contractual reason",

Given "necessary for contractual reason" is on its own a lawful basis, I don't see how your interpretation (that selling your data to ad companies is "necessary") wouldn't effectively nullify much of the GDPR, allowing pretty much any use of customer data to be justified so long as the company makes money from it.

The European Data Protection Board, whose purpose is to ensure consistent application of the GDPR, has written:

> > If there are realistic, less intrusive alternatives, the processing is not ‘necessary’. Article 6(1)(b) will not cover processing which is useful but not objectively necessary for performing the contractual service [...] even if it is necessary for the controller’s other business purposes.

> > A controller can rely on the first option of Article 6(1)(b) to process personal data when it can [... establish ...] processing is necessary in order that the particular contract with the data subject can be performed. [Emphasis in original]

> > does not cover situations where the processing is not genuinely necessary for the performance of a contract

> > it is required that the processing is objectively necessary for a purpose that is integral to the delivery of that contractual service

> > Example 2: The same online retailer wishes to build profiles of the user’s tastes and lifestyle choices based on their visits to the website. Completion of the purchase contract is not dependent upon building such profiles. Even if profiling is specifically mentioned in the contract, this fact alone does not make it ‘necessary’ for the performance of the contract. If the on-line retailer wants to carry out such profiling, it needs to rely on a different legal basis.

(https://www.edpb.europa.eu/sites/default/files/files/file1/e...)

> not least when all data show that the people are fine with it.

Doesn't appear to be the case when the case when it's actually a freely given choice (as low as 0.1% when it's opt-in) - which is why companies fight so hard to manipulate user choice with dark patterns and obfuscation, or outright breaking the regulation.