What’s new with paid privacy protection?
In this era dominated by digitization the significance of privacy is escalating. This is even underscored by the commonplace sharing of personal data, necessary to enable social media and online platforms to make tailored user experiences. Thus, confidentiality turns out being a key factor for privacy and data protection, highlighted by its acknowledgment in the European GDPR Regulation.
But how much is privacy worth exactly? How does digital profiling evolve in relation to the right to privacy? What is (if exists) the right price to pay to prevent companies from using personal data for advertising scope? These questions have become increasingly relevant, particularly following the decision communicated by Meta on October 30, 2023 highlighting a shift of its privacy policy.
The new Meta’s paid privacy policy
The company has announced a new offering for citizens of the European Union and Switzerland, as well as all users accessing its services within the European Economic Area. This new option gives the possibility to subscribe a monthly subscription to Facebook and Instagram without advertising spaces, commonly included in basic users feeds. Alternatively, as usual, people can still access and use Meta’s platforms for free by continuing to be targeted by advertisements.
Regardless of the purchase location, the subscription will apply to all Facebook and Instagram accounts connected in the Accounts Center costing €9.99 per month on PC and €12.99 per month for iOS and Android smartphones. Notably, prices for iOS and Android subscriptions will account for commissions levied by Apple and Google, too.
Furthermore, until March 1, 2024 the initial subscription will encompass all the accounts connected to the Accounts Center; after this date, for each added account it will be applied an additional monthly cost of €6 on PC and €8 on iOS and Android devices.
Whether users choose to keep their Meta accounts for free with ads, or subscribe to an ads-free subscription, the company has ensured its commitment to keep user data and information private and secure in compliance with cyber security and privacy standards set by the company policies and the EU data protection framework.
Digital profiling and data protection: is it right paying for privacy?
Following Meta’s announcement, users were prompted with a pop-up asking for their preference on the new privacy policy concerning Facebook and Instagram services.
Users were presented with the choice to either opt out of personal data tracking and processing for advertising purposes by paying the monthly subscription or, otherwise, accept these conditions to keep using the social media services for free.
But is it right paying for privacy? This delicate issue entails ethical implications. According to the BEUC (Bureau Européen des Unions de Consommateurs), the largest European consumer rights group, the answer is clearly negative. For this reason, it complained against Meta to the association of EU consumer protection authorities addressing the company’s approach illicit and accusing it of adopting unfair, deceptive and aggressive practices.
How does GDPR regulate the new paid privacy protection policy?
To grasp why the model proposed by Meta appears incompatible with the current EU rights framework, it’s imperative to delve into the legislative landscape. GDPR’s Article 25 introduces the clear principle of privacy by default, establishing that no further processing of personal data should occur beyond the minimum necessary.
Given that the services offered by social media platforms are based on user digital profiling and onboarding, there are two potential scenarios: either the aforementioned law is amended in order to introduce fee-based social media services, otherwise it won’t be possible to respect the principle enshrined by the Article 25 of the GDPR, since profiling by default paradoxically undermines the concept of data protection by default.
Furthermore, GDPR’s Article 6, that is another regulatory pillar regarding the protection of personal data, establishes that user profiling is a process that can be carried out only if there is a clear and legit consent from the interested party. As a matter of fact, this approval must be free, informed and revocable to be considered legitimate.
Meta’s approach plainly contrasts with this legal framework. Despite its promise to respect user choices, the company actually gives only one option: accept data tracking or pay. This clashes with GDPR’s Article 7.4, which explicitly prohibits conditioning a service to “the provision of consent to the processing of personal data not necessary for its execution”. Therefore, consent obtained under such circumstances is deemed invalid. Consequently, leveraging the legal basis of legitimate interest for profiling by default results untenable, as “legitimate” inherently implies alignment with the aforementioned law.
So, the alternative proposed by Meta appears at odds with GDPR principles, which are based on transparency and user control over personal data. The only actual way to bypass this legislation would entail repealing fundamental principles such as Articles 25, 6, and 7.4; on the other hand, privacy is not a question that can be relegated to a premium service, but a universal right that should be guaranteed and accessible to all.