EU and Meta face off: Your private data shall not be auctioned off
The European Data Protection Committee (EDPC) has voiced concerns over subscription-based data collection models, particularly those implemented by tech giants like Meta (Facebook and Instagram). The EDPC, an influential body that oversees data protection matters across the European Union, issued an opinion on March 19, 2024, questioning the practices of certain web companies.
In response to complaints filed by European citizen groups, Meta proposed to reduce its subscription fees for Facebook and Instagram from €9.99 to €5.99 per month. However, the EDPC's opinion may push Meta to reconsider its model, as it opposes such subscription-based data collection.
The EDPC believes that individuals who refuse to have their personal data collected should not be disadvantaged in their access to essential online services. The committee is concerned that refusing consent may lead to negative consequences such as being excluded from a major service, lack of access to professional networks, or risking loss of content or connections.
The EDPC's concerns are rooted in the fundamental right to data protection, as stated by the EDPC. Data controllers must ensure that this right is not turned into a feature that individuals must pay to benefit from.
The General Data Protection Regulation (GDPR) has contributed to shaping the web as we know it today in France. The EDPB, a sister body to the EDPC, has been at the forefront of enforcing GDPR, particularly when it comes to the practices of companies like Meta.
The EDPB has taken concrete enforcement actions, including binding decisions to impose fines and ban unlawful data transfers. For instance, it overruled lenient national regulator decisions, mandating Meta to pay large fines (€1.2 billion) for illegal EU-US data transfers and to stop future transfers until GDPR compliance is ensured.
The EDPB has also criticised Meta's avoidance of user consent by claiming "legitimate interest" under Article 6(1)(f) GDPR. Courts and the EDPB find this insufficient given users’ fundamental privacy rights.
As alternatives, the EDPB and affiliated European data protection authorities advocate for strict enforcement of GDPR’s consent requirements, particularly for AI training sets and sensitive categories of data. They also suggest the adoption of privacy-by-design principles and robust compliance frameworks, greater transparency and user control over data use, and the suspension of non-compliant data transfers and processing activities until proper legal safeguards are in place.
In a step towards addressing these concerns, the EDPC suggests that large online platforms should consider providing individuals with a free, non-targeted advertising alternative, using minimal or no personal data processing. The EDPC also believes that individuals should be fully aware of the value and consequences of their choices regarding personal data.
The protection of personal data is a fundamental right protected by the European Union since the implementation of the GDPR. The EDPC's stance underscores the importance of this right and the need for tech companies to respect it.
The EDPC's suggestion for tech companies like Meta to provide a free, non-targeted advertising alternative could impact the business model of these firms, especially in the realm of technology and general news.
The controversial subscription-based data collection models, used by tech giants such as Meta, are under scrutiny not only for their potential violations of the fundamental right to data protection but also for their implications in education-and-self-development, politics, and professional networks.
In the face of increasing pressure from regulatory bodies like the EDPC, tech companies need to reconsider their practices, ensuring they adhere to the General Data Protection Regulation (GDPR) and offer transparency and control to users, promoting privacy-by-design principles.
