In response partly to the range of data protection law issues raised by the use of third-party cookies or similar technology (TPC) in modern digital advertising, prominent industry players in countries like Europe are starting to block TPC. In anticipation of the upcoming decline of TPC, key AdTech players, with the support of standardisation bodies like the World Wide Web Consortium, are forging the path ahead in various ways including developing and implementing new techniques, practices and processes that do not involve TPC data points, such as mining telco data or using traditional forms of advertising like contextual campaigns in avant-garde ways, to transform and amplify their business intelligence operations (Strategies).Thus, it is important (1) to fully understand the Strategies used by the AdTech sector and (2) to critically and comprehensively assess, from both legal and regulatory viewpoints, their implications for the level of protection afforded to the individual’s data privacy rights. This report, based on an empirical European project, explores the range of data protection law issues raised by two Strategies, namely, first-party cookies and contextual advertising.It advances five arguments. First, overall, contrary to current stakeholder assumptions, the upcoming TPC decline renders the ‘regulatory space’ from a data protection law lens, even more complex, unpredictable and fragmented than it was when TPC data fuelled AdTech operations. Second, the burgeoning use of first-party cookies to sustain advertising activities raises complex challenges, across plural, overlapping and distinct data protection law frameworks that must be accurately identified and fully addressed, on a case-by-case basis by all relevant actors to protect the individual’s data privacy rights. Where appropriate, existing regulatory (including legislative) gaps, divergences and inconsistencies concerning key matters including the legality of cookie walls must be urgently and effectively addressed to maintain legal coherence and legal consistency. Third, some European data protection authorities must revisit their assumptions about and assessments of the impact of processing the first-party cookie personal on the level of protection afforded to data privacy rights. Fourth, current divergences between regulatory and policy actors about contextual advertising, including whether they use personal data and/or are forms of targeted advertisements, must be effectively resolved using evidence-based approaches to promote regulatory coherence. Finally, it cannot be assumed, without a contextual analysis, that particular contextual advertising campaigns do not interfere with individuals' data privacy rights