The Wall Street Journal reported that Meta plans to move to a “Pay for your Rights” model, where EU users will have to pay $ 168 a year (€ 160 a year) if they don’t agree to give up their fundamental right to privacy on platforms such as Instagram and Facebook. History has shown that Meta’s regulator, the Irish DPC, is likely to agree to any way that Meta can bypass the GDPR. However, the company may also be able to use six words from a recent Court of Justice (CJEU) ruling to support its approach.
It seems like this might break the GDPR rules for consent:
Any element of inappropriate pressure or influence which could affect the outcome of that choice renders the consent invalid.
https://gdpr-info.eu/issues/consent/
or if the performance of a contract, including the provision of a service, is dependent on the consent despite such consent not being necessary for such performance.
https://gdpr-info.eu/recitals/no-43/
I’m not a lawyer though, so maybe a legal expert can chime in.
edit: the jury is still out it seems:
https://techcrunch.com/2023/10/03/meta-subscription-vs-consent/
I think you’d have a hard time legally saying that they have to provide a service to users when that service is paid for by selling access to users via advertising, even if the user refuses to allow that access. It would probably qualify as “necessary for such performance”.
Having the extra option to pay to remove ads (while I think this price is ridiculously excessive) is a pretty reasonable compromise. Although it also feels kinda icky in the sense that it means you’re essentially turning privacy into a privilege for the wealthy. So I dunno, it’s a tricky issue.
I agree, but it’s not like using Meta is mandatory. You can decide not to use their services.
This point gets tricky once things become ubiquitous enough. If I did decide not to use their services (specifically Messenger), I’d be cutting myself off from communicating with 90% of my family, unfortunately. So yeah, it’s a choice that can be made… But how much of a choice is it, in practice?
just because you’re not using their service doesn’t mean they aren’t using your shadow profile
Necessary for performance of such service is like needing your address to ship you food or your identity data to connect you with individuals seeking to employ you. EG the info is necessary and relevant to the performance of the actual task at hand not I need all your data so I can sell it to make money. The alternative is so expansive that it would automatically authorize all possible data collection which is obviously not the intent of the law.
Techcrunch article is misunderstanding the meaning of freely given. It means not under duress and with full understanding. Paying for a service categorically doesnt contradict that.
However the odds of facebook explaining in plain english the egregious privacy breaches they do is unlikely so there’s prob a get out there anyway.
Can’t see how it breaches consent unless, as above they don’t explain what they’re doing to gather info for “personalised” ads.
Am lawyer, not gdpr /EU specialist though.