Meta’s ‘Pay or Consent’ Data Model Breaches EU Law

Security

The EU Commission has informed Meta that its ‘pay or consent’ model breaches EU law as it does not allow users to freely consent to their personal data being collected for advertising purposes.

The Commission’s preliminary view is that the tech giant’s new approach is not compliant with Article 5(2) of the Digital Markets Act (DMA).

This article requires gatekeepers to seek users’ consent for combining their personal data between designated core platform services and other services. If a user refuses such consent, they should have access to a less personalized but equivalent alternative.

Use of the service or certain functionalities cannot be made conditional on users’ consent.

Meta’s pay or consent model, introduced in November 2023, forces EU users of Facebook and Instagram to choose between:

  • The subscription for a monthly fee to an ads-free version of these social networks, or
  • The free-of-charge access to a version of these social networks with personalized ads

This binary choice means users aren’t able to opt for a service that uses less of their personal data but is otherwise equivalent to the personalized ads based service. As a result, users cannot freely consent to their personal data being used for these purposes, according to the preliminary findings.

The Commission believes Meta’s approach gives it an unfair advantage over competitors who do not have access to such as vast amount of data, thereby raising high barriers to providing online advertising services and social network services.

Therefore, Meta must allow users who do not consent to still get access to an equivalent service which uses less of their personal data to ensure compliance with the DMA.

What Happens Next

The Commission’s preliminary view is without prejudice to the outcome of the investigation, which was opened on March 25, 2024. The full investigation will be concluded within 12 months of this date.

Meta now has the right to exercise its rights of defense by examining the documents in the Commission’s investigation file and replying in writing to the Commission’s preliminary findings.

If the Commission’s preliminary views are confirmed, it would adopt a decision finding that Meta’s model does not comply with Article 5(2) of the DMA.

This could give rise to a number of penalties for non-compliance, including a fine of up to 10% of Meta’s total worldwide turnover. Such fines can go up to 20% for repeated infringements.

The Commission has powers to adopt additional remedies, such as obliging a gatekeeper to sell a business or parts of it or banning the gatekeeper from acquisitions of additional services related to the systemic non-compliance.

The Commission added that it continues “constructive engagement” with Meta to identify a satisfactory path towards effective compliance.

Meta has not responded to the Commission’s preliminary findings at the time of writing.

The tech giant remains under investigation by the Commission for Facebook’s and Instagram’s alleged failures to tackle deceptive advertising and disinformation ahead of the European Parliament election in June 2024.

Meta also announced in June that it was pausing plans to train its large language models (LLMs) using public content shared on Facebook and Instagram in the EU due to privacy concerns raised by the Irish Data Protection Commission (DPC).

Image credit: Daniel Chetroni / Shutterstock.com

Products You May Like

Articles You May Like

Palo Alto Networks Confirms New Zero-Day Being Exploited by Threat Actors
watchTowr Finds New Zero-Day Vulnerability in Fortinet Products
Massive Telecom Hack Exposes US Officials to Chinese Espionage
Google Warns of Rising Cloaking Scams, AI-Driven Fraud, and Crypto Schemes
Amazon MOVEit Leaker Claims to Be Ethical Hacker

Leave a Reply

Your email address will not be published. Required fields are marked *