This is a provision of the article 6 of the GDPR, which describes very broadly that you have to justify your legitimate interest with a fair reason to process user data. It is mostly there to allow for IT security, fraud prevention, but also marketing.

Unfortunately, the way the regulation is written is quite imprecise and subject to interpretation. You can read this page, it will give you an insight on the possible interpretations:

https://www.gdpreu.org/the-regulation/key-concepts/legitimate-interest/

My understanding is that you have the choice between the following modes :

• Consent = you allow for personalized data collection and ads integration can make use of any tracking information saved in your browser and on the servers of the third party provides
• Legitimate interest = you allow for data collection without personalization, but the provider might still be context aware and provide for example ads based on broad information like your country, language etc
• Nothing = you refuse any processing and connection to a third party server