27th Feb 2024


'Pay or okay?' — Facebook & Instagram vs the EU

  • As of now, the parent company of Instagram and Facebook, Meta, sells European users a monthly subscription between €9.99 and €12.99 to experience ad-free services (Photo: Kyra Preston)
Listen to article

Since last week, Mark Zuckerberg's Meta corporation is forcing its European users to either accept their intrusive privacy practices — or pay €156 per year to access Facebook and Instagram without tracking advertising.

For the EU, it is yet another test of the General Data Protection Regulation (GDPR)'s credibility. To respond, the EU must focus on three things: swift enforcement of binding rulings, settling the validity of the legal ground for Meta's new model, and comprehensive GDPR review to ensure more effective enforcement.

Read and decide

Join EUobserver today

Get the EU news that really matters

Instant access to all articles — and 20 years of archives. 14-day free trial.

... or subscribe as a group

But it also raises questions about the GDPR — why were their such high hopes, and so few results?

GDPR was passed in 2016 with the expectation that it would rein in Big Tech's 'surveillance capitalist' model and guarantee data privacy in Europe after a host of scandals.

Now, just shy of its fifth birthday, GDPR has not delivered on its promise.

A significant problem has been the lack of enforcement caused by the so-called 'one-stop-shop mechanism' — that entrusts the bulk of work to national Data Protection Authorities (DPAs).

Dublin logjam

As most tech conglomerates have European headquarters in Ireland for tax reasons, it is the Irish Data Protection Commission (DPC) that has the frontline job of ensuring that they comply with GDPR rules.

This has been a task the Dublin regulator has not always willingly carried out.

In the case of Facebook and Instagram, it has ostensibly held the position that Meta's subsidiaries are essentially acting within EU law, despite opposite views by other national regulators. Eventually, this led to a damning overruling of the Irish DPC by the European Data Protection Board (EDPB) and to a landmark decision prompted by the Norwegian DPA's temporary ban under urgent GDPR enforcement.

Thanks to the Irish DPC's 'business friendly' attitude and fault lines in the GDPR framework, Big Tech has repeatedly gotten away with non-compliance. Fines have been too few, too late and too weak. For example, in 2020, Meta paid €747m in fines for its misdeeds, which amounted to little more than 0.6 percent of the $116.60bn the company earned that same year.

Is Meta's new 'pay or okay' model really okay?

Recent actions seem to have finally prompted Zuckerberg's company to rethink its data collection methods in Europe. However, instead of choosing the path of compliance, Meta has adopted a controversial 'pay for your rights' model. As of a few weeks ago, the company sells European users a monthly subscription between €9.99 and €12.99 to experience ad-free services.

This development comes at a crucial time for Europe and the future of its digital policies and has sparked fundamental debates on both the legality and legitimacy of Meta's action.

According to noyb, Max Schrems's privacy advocacy NGO, the question of legality stands on the interpretation of two loopholes. The first is a judgement regarding media outlets pioneering cookie paywalls. The second loophole is an 'obiter dictum' [something said in passing by a judge] of just six words by the Court of Justice of the European Union (ECJ) establishing that, in case of refused consent to particular data processing practices, companies may provide alternative "if necessary for an appropriate fee."

What is sure, however, is that the expensive subscription is not within everyone's economic reach.

Capitalising on this aspect, Meta is ingeniously offering users a 'free like before' option that comes at the cost of continuous personal data harvesting. This is clearly a discriminatory practice with great potential to feed into pre-existing digital inequalities.

There can be no doubt that Meta has yet again thrown down the gauntlet to the EU, and this time, the way the EU reacts will have global ramifications. Indeed, Meta itself has revealed that Europe will serve as an experiment to see whether rolling out similar subscriptions to other countries is feasible and desirable.

This is a significant moment for Europe. Effective GDPR enforcement stands, together with the implementation of the Digital Services Act and Digital Markets Act, as critical tests of the EU's capacity to rein in Big Tech's most abusive and socially damaging practices.

Therefore, resolute action is essential. History has shown that the Irish DPC has repeatedly taken its task too lightly and accepted that Meta could bypass GDPR. This can no longer be the case.

It is of utmost importance that the Irish DPC ensures that Meta fully complies with the EDPB's urgent binding decision or is otherwise banned from collecting data across the EEA. Additionally, the regulator needs to recognise that the new subscription model promotes a 'blanket consensus' approach that is not compatible with GDPR's understanding of consent as "freely given, specific, informed and unambiguous."

Then, the CJEU needs to clarify its stance on the fine print of the Meta Platforms Inc. v. Bundeskartellamt case. Schrems has already filed his first complaint against Meta, but it is up to the court to clarify its position regarding the July ruling and bring legal certainty to the validity of the obiter dictum.

Meanwhile, the European Consumer Organisation (BEUC) also filed a group complaint against Meta's "unfair pay-or-consent model" with the network of consumer protection authorities on Thursday (30 November).

Lastly, it is imperative that the EU reviews GDPR.

In July, the EU Commission tabled a proposal to streamline enforcement. However, this initiative falls short of addressing major GDPR fault lines, among which is the commission's own lack of enforcement. Thus, against DG JUST's best wishes, it seems to be time to reopen GDPR.

In doing so, there is a hold-out chance that the regulation can be turned into a success story. However, it requires more significant reform than what is on the table and a clear signal that privacy is not for sale in Europe.

Author bio

Giulia Torchio is programme assistant for Europe's political economy at the European Policy Centre.


The views expressed in this opinion piece are the author's, not those of EUobserver.

Big Tech's attempt to water down the EU AI act revealed

The launch of ChatGPT has sparked a worldwide debate on Artificial Intelligence systems. Amidst Big Tech's proclamations that these AI systems will revolutionise our daily lives, the companies are engaged in a fierce lobbying battle to water-down regulations.

For Ukraine's sake, pass the EU due diligence directive

The EU Commission's 2022 CSDDD proposal did not include provisions incorporating "conflict due diligence", they were added, after the Russian invasion, by the European Parliament and Council into the final directive text — for Ukraine's sake, vote for it.

Ukraine refugees want to return home — but how?

Fewer than one-in-ten Ukrainian refugees intend to settle permanently outside Ukraine, according to new research by the associate director of research and the director of gender and economic inclusion at the European Bank of Reconstruction and Development.

Latest News

  1. Memo from Munich — EU needs to reinvent democracy support
  2. For Ukraine's sake, pass the EU due diligence directive
  3. All of Orbán's MPs back Sweden's Nato entry
  4. India makes first objection to EU carbon levy at WTO summit
  5. Angry farmers block Brussels again, urge fix to 'unfair' prices
  6. Luxembourg denies blind spot on Nato security vetting
  7. Record rate-profits sees EU banks give shareholders €120bn
  8. Why the EU silence on why Orban's €10bn was unblocked?

Stakeholders' Highlights

  1. Nordic Council of MinistersJoin the Nordic Food Systems Takeover at COP28
  2. Nordic Council of MinistersHow women and men are affected differently by climate policy
  3. Nordic Council of MinistersArtist Jessie Kleemann at Nordic pavilion during UN climate summit COP28
  4. Nordic Council of MinistersCOP28: Gathering Nordic and global experts to put food and health on the agenda
  5. Friedrich Naumann FoundationPoems of Liberty – Call for Submission “Human Rights in Inhume War”: 250€ honorary fee for selected poems
  6. World BankWorld Bank report: How to create a future where the rewards of technology benefit all levels of society?

Stakeholders' Highlights

  1. Georgia Ministry of Foreign AffairsThis autumn Europalia arts festival is all about GEORGIA!
  2. UNOPSFostering health system resilience in fragile and conflict-affected countries
  3. European Citizen's InitiativeThe European Commission launches the ‘ImagineEU’ competition for secondary school students in the EU.
  4. Nordic Council of MinistersThe Nordic Region is stepping up its efforts to reduce food waste
  5. UNOPSUNOPS begins works under EU-funded project to repair schools in Ukraine
  6. Georgia Ministry of Foreign AffairsGeorgia effectively prevents sanctions evasion against Russia – confirm EU, UK, USA

Join EUobserver

EU news that matters

Join us