Meta’s recently launched “pay-or-consent” model — which offers users a choice between paying for an ad-free experience or consenting to data tracking — is under intensifying legal scrutiny across the European Union. While the company claims this approach is compliant with the EU’s General Data Protection Regulation (GDPR), consumer advocates and regulators increasingly disagree.
What Is Meta’s Pay-or-Consent Model?
Rolled out in late 2023, the policy gives Facebook and Instagram users in the EU two choices:
Pay a monthly fee (approximately €10–13) to use the platform without ads and without data tracking.
Continue using the platform for free, but consent to tracking and personalized advertising.
Meta positions this as a way to comply with GDPR by offering a “freely given” choice between options. But critics argue it’s not a real choice — and therefore not valid consent.
GDPR and the Problem of “Forced Consent”
At the heart of this controversy lies one of the GDPR’s foundational principles: valid consent.
Under Article 4(11) and Article 7 of the GDPR, consent must be:
- Freely given
- Specific
- Informed
- Unambiguous
- And revocable at any time
Consumer advocacy organizations — including BEUC (The European Consumer Organisation) and national data protection authorities — argue that Meta’s model violates these principles, especially the “freely given” requirement.
The logic is simple: when the alternative to consent is to pay, and there is no real functional equivalent to accessing the platform without surrendering your data, then the user is essentially coerced into consent.
A Complex Legal Precedent
This debate isn’t happening in a vacuum. It’s playing out in the shadow of the Court of Justice of the European Union (CJEU) ruling in the Bundeskartellamt v Meta Platforms case (July 2023), which emphasized that bundling access to services with consent to data processing is not inherently lawful.
Additionally, the European Data Protection Board (EDPB) issued a strongly worded opinion on “consent or pay” models in October 2023, stating that consent obtained in this way is unlikely to be considered valid under GDPR in most circumstances — especially when the service in question holds a dominant market position.
Consent vs. Contractual Necessity
Meta has attempted to ground part of its legal justification under contractual necessity (Article 6(1)(b) GDPR), suggesting that personalized ads are essential to providing its service. However, the EDPB and other legal experts have pushed back, asserting that targeted advertising is not “necessary” for a social media platform to function.
This argument is crucial because it reveals an ongoing industry trend: framing monetization strategies as compliance mechanisms — rather than designing privacy-forward solutions from the start.
What’s at Stake?
- Precedent: If EU regulators determine that Meta’s model breaches GDPR, it could reshape how digital platforms monetize user data across Europe.
- Penalties: Fines under GDPR can reach up to €20 million or 4% of global annual turnover, whichever is higher.
- Wider impact: Other tech platforms considering similar models will be closely watching this case.
Why It Matters
This controversy strikes at the core of GDPR’s mission: to give individuals meaningful control over their personal data. When platforms ask users to choose between paying money or paying with their privacy, the integrity of that control is called into question.
If consent becomes something you have to buy your way out of, is it still consent — or is it coercion with a price tag?
- We can help you become FADP compliant!
Expert Guidance, Affordable Solutions, and a Seamless Path to Compliance
