
EU Data Regulator Threatens Meta's 'Pay or Okay' Model

The European Data Protection Board Says the Company Inhibits Real Choice for Users

Social media giant Meta's attempt to navigate European data protection rules by offering a fee-based opt-out from behavioral advertising came under fire Wednesday from a trading bloc agency that said freedom from personalized marketing should typically be free.


The Facebook parent has come under mounting European pressure after it reacted in late 2023 to setbacks at the behest of European data protection authorities by rolling out an option for users to buy their way out of having their web activity tracked for advertising purposes - a model known as "pay or okay" (see: Pressure Mounts on Meta to Scrap 'Pay or OK' Model in EU).

The European Data Protection Board added to that pressure in a statement that says opt-outs to behavioral advertising "should not be the default way forward for controllers." The board's mandate under the General Data Protection Regulation is ensuring a consistent application of the sweeping privacy regulation across trading bloc members.

Instead, controllers should rely on an "equivalent alternative" that does not "entail the payment of a fee" and comes with limited processing of personal data.

"Meta is out of options in the EU," said Austrian privacy activist Max Schrems, who in November filed a complaint alleging that consent to online tracking cannot be "freely given" under the GDPR if it comes at a literal high cost. He filed a follow-up complaint in January.

Schrems and other European activists say that behavioral advertising conducted without express consent intrudes on a fundamental right to privacy.

"Controllers should take care at all times to avoid transforming the fundamental right to data protection into a feature that individuals have to pay to enjoy. Individuals should be made fully aware of the value and the consequences of their choices," said Anu Talus, the EDPB chair.

The regulator intends to develop guidance on "pay or okay" consent following industry consultation.

The EDPB's latest opinion comes after Norwegian, Dutch and Hamburg data protection authorities questioned the validity of the subscription opt-out model.

A Meta spokesperson did not immediately respond to a request for comment, although the company has earlier said the payment model "follows the guidance of the highest court in Europe" (see: Pressure Mounts on Meta to Scrap 'Pay or OK' Model in EU).


About the Author

Akshaya Asokan


Senior Correspondent, ISMG

Asokan is a U.K.-based senior correspondent for Information Security Media Group's global news desk. She previously worked with IDG and other publications, reporting on developments in technology, minority rights and education.



