Around 30 European digital rights organizations have urged the European Data Protection Committee (EDPC) to oppose a fee that demands payment for privacy on online platforms. They believe that this could undermine the General Data Protection Regulation (GDPR).
Meta, in November of the previous year, introduced a Ad-free subscription on Facebook and Instagram. This subscription coexists with a free use type that maintains user tracking for advertising purposes. This decision established a system known as ‘Pay or Accept’, essentially, paying for privacy rights.
The non-profit organization Noyb criticized this subscription, arguing that it did not respect the free consent principle included in European data protection legislation. They explained that users are not truly giving their consent for online tracking and personalized advertising if they opt for the free model. Instead, they argue that Meta “charges a privacy fee”, which contradicts European legislation that aims to ensure that “users only waive their fundamental right to privacy if they genuinely and freely wish to do so.”
In the coming weeks, the EDPB must make a decision regarding the ‘Pay or Accept’ policy after being requested by the competent data protection bodies of Norway, the Netherlands, and Hamburg (Germany). This has prompted 28 European digital rights organizations to pen an open letter to the EDPB, hoping to convince them to vote against this practice.
The organizations, which include Wikimedia Europe, Xnet, noyb and the European Federation of Public Services, argue in the letter that the EDPB’s decision will influence the future of data protection and the Internet in the coming years. They stress the importance of ensuring data subjects a ‘real and free choice’ in relation to the processing of their personal data.
Since Meta implemented the policy on its social networks, many media websites and other digital services have followed suit, offering users the choice to continue browsing for free or to pay (either for daily use or a larger subscription) to access the content.
The signatory organizations acknowledge that this practice is adopted to support “an industrial sector that has suffered from the migration of advertising to big tech companies over the last 20 years. However, they note that what publishers actually receive are “crumbs of a couple of cents per user when people accept online tracking.”
They argue that the benefits stay with large advertiser networks and technology platforms that heavily rely on a surveillance-based business model. They believe this model will not significantly affect the income levels of new publishers.
They also express concern that the ‘Pay or Accept’ practice will not be limited to news websites and social platforms. They fear it can be used by “any industry sector with the ability to monetize personal data through consent.” They argue this would ultimately “successfully undermine the GDPR.”
They also believe that the ‘Pay or Accept’ practice reserves privacy rights for those Internet users who can afford to pay. They argue that it frames privacy as a paid service, normalizing the view that EU residents have no default right to data protection and users have to ‘buy’ their fundamental rights from data controllers.
COOKIE PAYMENT WALLS IN SPAIN
In January, the Spanish Data Protection Agency (AEPD) released a new guide on the use of cookies, text files that websites download to users’ devices to collect information about them for improving their experience or targeting personalized advertising, or both.
The guide stipulates that websites must incorporate a button for users to accept cookies and their tracking, and another to reject them. It supports a third button to manage the use of ‘cookies’, should the user want to specify which ones they accept.
The user’s consent forms the basis of these options. According to the AEPD guide, consent can be obtained “through express formulas”, but also “inferring it from an unequivocal action carried out by the user in a context where clear and accessible information has been provided about the purposes of the cookies and whether they will be used by the same publisher and/or by third parties. It does not regard “the mere inactivity of the user” as consent.
However, the guide does acknowledge cases where access to the website may be prevented or the use of the service may be totally or partially limited if the user does not give their consent, “provided that the user is adequately informed.” It also requires that an alternative, not necessarily free, be offered to access the service without having to accept the use of cookies.
It is this point that has allowed the proliferation of cookie paywalls in Spain over the past month. Websites of media and other digital services display an information window when accessing their site, with the two buttons to accept and reject, along with options to access for free with ‘cookies’ activated or pay to avoid tracking.
