p>The accelerating emergence of personalised advertising is mostly driven by data. Accordingly, algorithmic profiling has become a constant experience for every online user in predicting preference and interest. The profiling process raises several issues of human privacy and personal data invasion. Therefore, this study adopts the doctrinal legal method through the analysis of International Instruments and the European Union General Data Protection Regulation as legal avenue to safeguard and protect online activities of the data subjects. The findings of this paper discuss the main principles to be observed by the data controller in ensuring the legality of personal data profiling. This paper suggests the profiling process to be design-based security due to unavailability of system procedure to human knowledge. Keywords: Personalised Advertising; Algorithmic Targeting; Personal Data Profiling; EU General Data Protection Regulation eISSN: 2398-4287 © 2022. The Authors. Published for AMER ABRA cE-Bs by e-International Publishing House, Ltd., UK. This is an open access article under the CC BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/). Peer–review under responsibility of AMER (Association of Malaysian Environment-Behaviour Researchers), ABRA (Association of Behavioural Researchers on Asians/Africans/Arabians) and cE-Bs (Centre for Environment-Behaviour Studies), Faculty of Architecture, Planning & Surveying, Universiti Teknologi MARA, Malaysia. DOI: https://doi.org/10.21834/ebpj.v7i22.4160