It only targets user-generated advertising. If a platform chooses to display an add that contains PII, they have to make sure the person whose PII are displayed has agreed.

This particular ruling is about advertising, however:

> There’s nothing inherently in the law or the ruling that limits its conclusions to “advertisements.” The same underlying factors would apply to any third party content on any website that is subject to the GDPR.

If you have legal exposure in the EU, you should ask counsel about it ASAP. Especially if your site may be in the crosshairs for whatever reason.