Trusq

factual analysis · traceable to primary sources

Topics Opportunities Take the check Work with us LinkedIn NLยทEN
Explainer

AI in marketing and advertising: profiling, dark patterns and transparency

Adopted 2026-06-21 ยท ≈ 2 min read ยท Dirk Baaijen

AI in marketing touches three frameworks at once: the AI Act prohibits manipulation (Art. 5) and requires transparency (Art. 50), the GDPR limits profiling and automated decisions, and the Digital Services Act sets rules for online advertising and the protection of minors.

Short answer: Marketing is one of the broadest uses of AI โ€” targeting, generative ads, chatbots, dynamic pricing โ€” and as a result touches three frameworks at once. The AI Act prohibits manipulative techniques (Art. 5) and requires AI to be recognisable (Art. 50). The GDPR limits profiling and automated decisions. And the Digital Services Act sets rules for online advertising, with extra protection for minors.

What the AI Act prohibits

Article 5 hits marketing directly. Prohibited are AI systems that use manipulative or deceptive techniques to materially distort people's behaviour in a way that can cause significant harm, and systems that exploit vulnerabilities due to age, disability or socio-economic situation. Ordinary, transparent personalisation is not caught โ€” but "dark patterns" that force choices below awareness, or that deliberately work on vulnerable groups, come dangerously close to the line. See prohibited AI practices.

What the AI Act requires: transparency

Article 50 makes AI in customer contact visible. A chatbot must disclose that it is AI. Synthetic or manipulated images, audio and video โ€” think of an AI-generated ad or a deepfake testimonial โ€” must be recognisable as artificial, with a narrow exception for evidently artistic work.

What the GDPR limits: profiling

The heart of AI marketing is profiling, and that is processing of personal data. You need a valid lawful basis (often consent), transparency about the logic, and respect for the special protection of sensitive data. Where an automated system leads to a decision with significant effects on someone โ€” for example, excluding them from an offer or a markedly different price โ€” Article 22 GDPR also applies, with a right to human intervention.

What the DSA adds: advertising rules

The Digital Services Act regulates online advertising separately. Advertising based on special-category personal data (such as health, religion or sexual orientation) is prohibited, as are profiling-based ads targeting minors. Platforms must make ads recognisable and show why you are seeing them. If you advertise through large platforms, these rules reach you indirectly via the advertising terms.

What to do

  • Disclose every customer-facing AI chatbot as AI.
  • Label AI-generated or manipulated advertising content (image, audio, video).
  • Test your profiling: lawful basis, transparency, no sensitive data for targeting, extra restraint with minors.
  • Avoid manipulative design choices that undermine free choice below awareness.
  • Provide human intervention where an algorithm makes a decision with consequences.

AI makes marketing more powerful and more personal โ€” and exactly therefore quicker to fall foul of the rules. The line is not at "personalising", but at "steering without the other person noticing".

Sources

  1. https://eur-lex.europa.eu/eli/reg/2024/1689/oj
    Regulation (EU) 2024/1689 (AI Act): Art. 5 (manipulation and exploitation of vulnerabilities) and Art. 50 (transparency for chatbots/synthetic content).
  2. https://eur-lex.europa.eu/eli/reg/2016/679/oj
    Regulation (EU) 2016/679 (GDPR): lawful basis and transparency for profiling; Art. 22 on automated decisions.
  3. https://eur-lex.europa.eu/eli/reg/2022/2065/oj
    Regulation (EU) 2022/2065 (Digital Services Act): advertising transparency, ban on ads based on special-category data and on profiling-based ads to minors.

Share on LinkedIn

Read next

U

AI and minors: extra protection under the AI Act, GDPR and DSA

Stricter rules apply to children. The AI Act prohibits manipulation and exploitation of vulnerability (Art. 5), the GDPR sets requirements for consent and profiling, and the DSA bans profiling-based advertising aimed at minors.

U

DSA obligations for online platforms: what to arrange

Online platforms under the DSA must comply with an internal complaint mechanism, advertising transparency, protection of minors and a ban on dark patterns, among others. Small enterprises are partly exempt.

U

AI in hospitality and tourism: dynamic pricing, profiling and the GDPR

Hospitality and tourism use AI for dynamic pricing, recommendations and guest profiling. The AI Act rarely treats this as high-risk, but the GDPR is decisive: profiling, automated decisions and transparency call for clear legal bases.

Dirk Baaijen

About this knowledge base

Compiled and maintained by YRproject โ€” programme and project direction at the intersection of digital transformation, AI and regulation. Every factual claim is traceable to its primary source. YRproject is led by Dirk Baaijen About & method โ†’

A project or programme? Work with YRproject โ†’

The monthly briefing

AI regulation in five minutes: what changed, what is coming and what it means. No spam, unsubscribe anytime.

Your address is used for this only and stored on our own servers.