The European Union is now looking into Meta’s decision to apply the so-called “Pay or Okay” approach. This raises questions not only on how compliant Meta is with the GDPR but also on how ethical it is to charge users merely for privacy.
Since the first week of November 2023, Meta has required its European users to accept intrusive privacy practices or pay €156 per year to access Facebook and Instagram without tracking advertising. The change in practice means that users of Meta platforms now have the choice to experience ad-free social media and to opt out of data tracking but at a hefty price tag.
Eight consumer rights groups from across the region are currently filing complaints with their national data protection authorities against this “consent or pay” choice. In addition, the European Union is preparing for supranational action.
Cybersecurity company’s Surfshark Head of Legal Gytis Malinauskas has provided Digital Journal with some insights considering the context of the General Data Protection Regulation (GDPR).
In terms of uncovered issues by Malinauskas, he points out that Article 7 of the GDPR requires consent to be given freely. According to Malinauskas: “The price of €160 a year requested by Meta for ad-free service is regarded by many as rather high, potentially limiting the freedom of users to choose not to have their data processed.”
Looking at the legislation further, Malinauskas unearths: “Recital 43 of the GDPR states that if the processing of personal data is not necessary for the provision of services, then even if consent has been provided, it cannot be regarded as given freely. In Meta’s case, personalized advertising is not necessary for the provision of services, which raises questions about the legitimacy of the consent.”
What does all this mean? Most likely a continuation of issues affecting Meta, Malinauskas points out, noting: “In January of 2023, Meta was fined €390 million because it was found to have ad practices that do not comply with the GDPR. In total, Meta has been fined €2.6 billion under the GDPR.”
There are questions for Meta to answer and likely outcomes. Malinauskas takes the view: “As pointed out by NOYB, Meta made €72,5 billion from advertising in the European Union between 2018 and 2022. NOYB also claims that a significant part of this revenue could have been achieved from unlawful personalized advertising, so there may still be plenty of room for improvement in GDPR enforcement.”