Intrusive advertising is the bane of most users’ experiences of social media, but it has always seemed a necessary evil, the price you must pay to use many platforms.
However, this might soon be coming to an end – albeit at a cost.
As we reported on 31 August, the Norwegian data protection authority, Datatilsynet, has been fining Meta Platforms 1 million kroner (approximately €87,000) per day since 14 August, having ruled that Meta’s behavioural advertising – personalised advertising that targets individuals based on analysis of their online behaviour – is non-consensual and therefore in breach of the GDPR (General Data Protection Regulation).
Datatilsynet’s decision was based on a January decision by the Irish DPC (Data Protection Commission), Meta’s lead supervisory authority in the EU, and a subsequent ruling by the CJEU (Court of Justice of the European Union).
Apparently recognising that its advertising revenue – which accounts for the majority of its profits – will drop as a result of the courts’ decisions, Meta is now considering other operational models to ensure it continues to profit.
Fortunately for the social media giant, the CJEU’s ruling itself provided an answer.
It said: “users must be free to refuse individually, in the context of the contractual process, to give their consent to particular data processing operations not necessary for the performance of the contract, without being obliged to refrain entirely from using the service offered by the online social network operator, which means that those users are to be offered, if necessary for an appropriate fee, an equivalent alternative not accompanied by such data processing operations” [emphasis added].
Therefore, according to the Wall Street Journal, Meta is planning to charge European users a monthly fee to use Facebook or Instagram without advertising. In other words, if you want data privacy, you’ve got to pay for it.
Details are few so far, but Meta has apparently suggested €10 per month for desktop users, with a higher price of €13 per month for mobile app users, to account for Apple and Google’s commissions.
The shape of things to come?
If Meta takes this course, it’s highly likely that other tech giants will follow suit.
The commodification of personal data is central to most big tech companies’ business models, with behavioural advertising a key source of earnings. If this is not allowed under the GDPR, subscription seems the obvious next step, although whether this can offset the shortfall caused by lost advertising revenue remains to be seen.
Unsurprisingly, the privacy rights campaigner Max Schrems of noyb (none of your business) is unimpressed.
“Fundamental rights cannot be for sale,” he said. “Are we going to pay for the right to vote or the right to free speech next? This would mean that only the rich can enjoy these rights, at a time when many people are struggling to make ends meet. Introducing this idea in the area of your right to data protection is a major shift. We would fight this up and down the courts.”
And so the ongoing struggle between surveillance capitalism and data privacy rumbles on.
The easy route to GDPR compliance
Europrivacy™/® is the first GDPR certification mechanism recognised by the EDPB (European Data Protection Board) as the European Data Protection Seal, as defined by Article 42 of the Regulation, in all EU member states.
IT Governance Europe’s parent company, GRC International Group, is an official partner of the ECCP (European Centre for Certification and Privacy) to support the implementation of Europrivacy data-protection-related services.
Alongside our sister companies IT Governance UK and GRCI Law Limited, we offer a comprehensive range of services to organisations that wish to certify that their data protection practices comply with the EU GDPR and relevant national data protection laws.
IT Governance Europe is at the forefront of helping organisations implement GDPR-compliant processes and achieve certification to standards and frameworks such as ISO 27001, ISO 27701, Cyber Essentials, the PCI DSS (Payment Card Industry Data Security Standard), and others.
Our highly experienced consultants, supported by GDPR-specific tools and processes, can work with clients all over the world to ensure their data processing practices meet the Europrivacy standard and are fit for certification.
Contact us today to learn how we can help with your GDPR compliance project.