A controversial move by Meta last year left many in the Europe Union reeling. The tech giant had decided to charge users for an ad-free subscription to access Facebook and/or Instagram. However, there was a catch – users would have to agree to be tracked and profiled, allowing Meta to continue its attention-mining microtargeting ad business. This move has sparked a wave of complaints from consumer rights groups. These complaints are being brought under the bloc’s data protection rules.
Currently, Meta charges regional users €9.99/month on web or €12.99/month on mobile to opt out of seeing any adverts per linked Facebook and Instagram account. The only other choice EU users have if they want to access Facebook and Instagram is to agree to its tracking – meaning the offer is: Literally pay for privacy, or ‘pay’ for free access by losing your privacy.
“It is crucial that any consent provided by consumers is valid and meets the high bar set by the law, which requires such consent to be free, specific, informed and unambiguous.” – European consumer organization, BEUC
The European consumer organization, BEUC, which is a membership and coordinating body for eight consumer rights groups located in the Czech Republic, Denmark, Greece, France, Norway, Slovakia, Slovenia, and Spain, has announced that complaints are being filed against this “consent or pay” choice. The groups argue that the choice given to consumers is not truly consent since it is not free, specific, informed, or unambiguous. They state that Meta is trying to coerce consumers into accepting its processing of their personal data.
According to the groups, Meta keeps consumers in the dark about its data processing, making it impossible for the consumer to know how the processing changes if they choose one option or the other. Additionally, the company fails to show that the fee it imposes on consumers who do not consent is indeed necessary, which is a requirement stipulated by the Court of Justice of the EU. The groups also argue that, under these circumstances, the choice about how consumers want their data to be processed becomes meaningless and is therefore not free.
“Meta keeps consumers in the dark about its data processing, making it impossible for the consumer to know how the processing changes if they choose one option or the other. The company also fails to show that the fee it imposes on consumers who do not consent is indeed necessary, which is a requirement stipulated by the Court of Justice of the EU.” – European consumer organization, BEUC
The eight consumer groups, along with BEUC, are accusing Meta of violating the GDPR principles of purpose limitation, data minimisation, fair processing, and transparency. The penalties for confirmed breaches of the regulation can reach up to 4% of global annual turnover, and companies can also be ordered to stop unlawful processing.
Ursula Pachl, deputy director general of BEUC, states in a press release:
“Meta has tried time and time again to justify the massive commercial surveillance it places its users under. Its unfair ‘pay-or-consent’ choice is the company’s latest effort to legalise its business model. But Meta’s offer to consumers is smoke and mirrors to cover up what is, at its core, the same old hoovering up of all kinds of sensitive information about people’s lives which it then monetises through its invasive advertising model. Surveillance-based business models pose all kinds of problems under the GDPR and it’s time for data protection authorities to stop Meta’s unfair data processing and its infringing of people’s fundamental rights.” – Ursula Pachl, BEUC Deputy Director General
BEUC states that a legal analysis conducted with members and the data rights law firm, AWO, has concluded that Meta’s processing of consumers’ personal data breaches the GDPR in multiple ways. They argue that the company has no valid legal basis for processing people’s data for ad-targeting under the bloc’s General Data Protection Regulation.
The BEUC analysis also raises questions about Meta’s use of personal data for content personalisation. They state that it is not clear what legal basis the company is relying upon for this type of processing and there is no way to verify if all of the profiling done by Meta for this purpose is necessary and in line with the GDPR principle of data minimisation.
While these complaints will likely go back to Ireland’s Data Protection Commission, which is Meta’s lead data supervisor in the EU, there are other avenues where the company’s consent choice is facing scrutiny. The European Commission is also empowered to enforce the Digital Service Act and Digital Markets Act on Meta, potentially leading to fines and corrective orders. So, while Meta’s controversial consent or pay offer may seem to be a valid choice, it is facing multiple challenges that could finally force the company to reform its surveillance business model.