I think it's worth noting that there's a big difference between (1) allowing advertisers to display ads on your platform based on user profiles (e.g. matching certain demographics etc) on the one hand, and (2) handing out arbitrary user data on the other.
With the former, you stay in control and are able to enforce access and use, including the guarantees you gave users on how their data is handled. With the latter model, you're handing over the keys to the castle to random and possibly quite shady third parties that you cannot have the slightest chance at controlling.
It seems rather reckless to do (2), both regarding your responsibility towards users, but also economically – if a bad actor exfiltrates all user data into their competing ad service, you have little to keep them from doing that.
With the former, you stay in control and are able to enforce access and use, including the guarantees you gave users on how their data is handled. With the latter model, you're handing over the keys to the castle to random and possibly quite shady third parties that you cannot have the slightest chance at controlling.
It seems rather reckless to do (2), both regarding your responsibility towards users, but also economically – if a bad actor exfiltrates all user data into their competing ad service, you have little to keep them from doing that.