Meta (formerly known as Facebook) is facing yet another privacy challenge from the European Union (EU). This time, it involves the controversial choice of paying for privacy consent.

Privacy Rights Challenge Against Meta's Attempt to Track and Profile Facebook and Instagram Users in Europe Despite Stringent Data Protection Laws in the Region

Adtech giant Meta, formerly known as Facebook, is once again in hot water in Europe. This time, privacy rights advocacy group noyb (None Of Your Business) has filed a complaint with the Austrian data protection authority, challenging Meta’s handling of user consent for tracking ads on Facebook and Instagram. The complaint alleges that Meta is violating EU law by making it easier for users to grant consent than to withdraw it. 🤔

Let’s rewind for a moment. Last year, Meta faced major privacy setbacks when European courts invalidated the company’s legal bases for processing user data for ad targeting. After years of complaints from privacy campaigners, Meta claimed it would switch to a consent-based model for tracking. However, the choice they presented to users was not so simple. If users don’t want to be tracked and profiled, they have to pay for monthly subscriptions to access ad-free versions of the platforms. Meanwhile, those who want free access have to “consent” to tracking. Noyb argues that this approach makes it excessively difficult for users to withdraw their consent, a violation of the General Data Protection Regulation (GDPR).

To withdraw consent under Meta’s system, users have to sign up for a monthly subscription, while granting consent is just a click away. This discrepancy contradicts the GDPR’s requirement that withdrawing consent should be as easy as giving it. Noyb’s complaint highlights the inherent friction in Meta charging money to protect users’ privacy. They argue that paying €251.88 per year to withdraw consent is far from being as easy as clicking an “Okay” button. 💰

The stakes are high for Meta. Breaching the GDPR can result in penalties of up to 4% of global annual turnover. While such fines could be substantial, Meta is more concerned about the possibility of EU regulators forcing them to offer users a genuinely free choice to reject tracking. This could significantly impact Meta’s business of targeted advertising in Europe, which reportedly accounts for around 10% of the company’s global ad revenue. 😬

In a recent FAQ, the Austrian DPA tackles the issue of “pay or okay,” referring to charging for access to a website as an alternative to consent. However, it emphasizes that this alternative must comply fully with the GDPR, including ensuring that consent is specific and the price for the payment option is fair and not unreasonably high. Yet, there is currently no case law from the Court of Justice of the European Union (CJEU) on this matter, making it a topic that will likely be settled through referral to the CJEU in the future. 📚

GDPR complaints against Meta are typically referred to the Irish Data Protection Commission (DPC), which serves as Meta’s lead data supervisor under the one-stop-shop mechanism. Noyb’s complaints regarding Meta’s “pay or okay” tactic will likely end up in Dublin. However, if the Irish DPC initiates a formal inquiry, it could take years before a final decision is reached, similar to the case involving Meta’s legal basis for ads, which was decided earlier this year after being filed in May 2018. Meta has also appealed this decision in Ireland. ⏳

While regulatory processes unfold, the privacy of Facebook and Instagram users in Europe remains at the mercy of Meta. They can choose to stop using these dominant platforms entirely, but in the meantime, Meta continues to profit from Europeans’ personal data. However, more legal actions are being taken against Meta for privacy violations, including a €600 million damages claim from Spanish publishers last year, alleging unfair competition due to Meta’s lack of legal basis for microtargeting users.

In conclusion, Meta’s options for tracking and profiling users for ads have significantly narrowed under the GDPR. With consent as the remaining legal basis, the company’s approach to framing this choice has become a focal point of privacy action. The outcome of this latest complaint will likely have implications for Meta’s data practices and the future of targeted advertising. ⚖️

🙋‍♀️ Reader Q&A:

Q: Can Meta charge users to protect their privacy?
A: Noyb argues that Meta’s approach to charging users for privacy protection violates the GDPR. The law requires consent to be as easy to withdraw as it is to grant. Paying a fee of €251.88 per year to withdraw consent is considered excessive and not in line with the GDPR’s principles.

Q: Does the Austrian Data Protection Authority have the power to take urgent action?
A: Noyb has petitioned the Austrian DPA to initiate an urgency procedure based on recent case law indicating that DPAs have a duty to provide effective protection of data protection rights. However, the Austrian DPA has yet to decide whether urgency measures are warranted in this case.

Q: What happens if Meta violates the GDPR?
A: Penalties for GDPR breaches can be severe, with fines of up to 4% of a company’s global annual turnover. While such fines could have a significant financial impact, Meta is more concerned about the potential for regulators to force them to offer users a genuine choice to reject tracking, which could undermine their ad business in Europe.

Q: How long does it take for regulatory decisions on privacy cases against Meta?
A: Regulatory investigations and decisions can take a long time. For example, a previous complaint filed by noyb against Meta’s legal basis for ads took several years before a final decision was reached. If the Irish DPC initiates a formal inquiry into the “pay or okay” tactic, it could be some time before a resolution is reached.