Brussels, Belgium – Facebook owner Meta and other online platforms must not force users to pay for the right to data protection enshrined in EU law when offering ad-free subscriptions, the European data regulator said Wednesday.
“Online platforms should give users a real choice when employing ‘consent or pay’ models,” the European Data Protection Board (EDPB) chair Anu Talus said in a statement.
“The models we have today usually require individuals to either give away all their data or to pay,” she said. “As a result, most users consent to the processing in order to use a service, and they do not understand the full implications of their choices.”
Meta in November launched a “pay or consent” system allowing users to withhold use of their data for ad targeting in exchange for a monthly fee — a model that has faced several challenges from privacy and consumer advocates.
Meta has long profited from selling user data to advertisers but this business model has led to multiple battles with EU regulators over data privacy.
The latest announcement came after the data protection authorities of The Netherlands, Norway and the German state of Hamburg went to the EDPB for an opinion regarding the pay-or-consent model used by Meta.
The Silicon Valley company allows users of Instagram and Facebook in Europe to pay between 10 and 13 euros (around $11 and $14) a month to opt out of data sharing.
Meta pointed to an EU court ruling last year that it said opened the way for subscriptions as a “legally valid” option. “Today’s EDPB opinion does not alter that judgment and subscription for no ads complies with EU laws,” a Meta spokesperson said.
Meta is waiting for a decision on its model by the data privacy regulator in Ireland where the company is headquartered.
‘Binary choice’
All digital platforms must comply with the European Union’s mammoth general data protection regulation (GDPR), which has been at the root of EU court cases against Meta.
The EDPB in its opinion argued that Meta’s model was at odds with the GDPR’s requirement that consent for data use must be freely given.
“In most cases, it will not be possible for large online platforms to comply with the requirements for valid consent if they confront users only with a binary choice between consenting to processing of personal data for behavioural advertising purposes and paying a fee,” the opinion read.
The EDPB also warned the type of subscription service put forward by Meta “should not be the default way forward” for platforms.
It suggested that platforms should consider an alternative that would give users the right to reject being tracked for advertising purposes without the need to pay.
Privacy defenders welcomed the opinion.
“Overall, Meta is out of options in the EU. It must now give users a genuine yes/no option for personalised advertising,” said prominent online privacy activist Max Schrems.
“We know that ‘Pay or Okay’ shifts consent rates from about three percent to more than 99 percent — so it is as far from ‘freely given’ consent as North Korea is from a democracy,” said Schrems.
Tech lobby group CCIA however warned the EDPB risked “opening a Pandora’s Box”.
“Forcing businesses to offer services at a loss is unprecedented and sends the wrong signals,” said CCIA Europe’s senior policy manager, Claudia Canelles Quaroni.
“All companies should be able to offer paid-for versions of their services.”
raz/gv
© Agence France-Presse
