|
>
> |
| META TOPICPARENT | name="FirstPaper" |
|---|
It is strongly recommended that you include your outline in the body of your essay by using the outline as section titles. The headings below are there to remind you how section and subsection titles are formatted.
Paying for Privacy: The Legal and Ethical Challenges of the Pay-or-Consent Model
-- By LiuZihua - 24 Mar 2025
Introduction
Many smartphone users encounter an unsettling experience: after discussing a topic with friends, they often start seeing ads or video recommendations related to that subject on their apps. It feels intrusive, almost as if their devices are eavesdropping. However, this happens even when their microphone is turned off and virtual assistants like Google Assistant are disabled. The likely explanation is that some apps engage in behavioral advertising, which tracks users’ browsing history, purchases, and content engagement through cookies, pixels, and first-party data. By analyzing behavioral patterns, advertisers can predict user interests and deliver targeted ads.
Under the EU’s Article 7 of General Data Protection Regulation (GDPR), consent for such tracking must be freely given, yet companies increasingly manipulate this requirement. One example is the Pay-or-Consent model, which forces users to choose between agreeing to data tracking or paying a fee. Although the recent European Data Protection Board (EDPB) ruled this model invalid in most cases, its opinion is non-binding, leaving user privacy rights vulnerable to ongoing threats. In Bundeskartellamt case, the Court of Justice of the European Union (CJEU) allowed privacy fees if they are “appropriate” but failed to clearly define what is “appropriate,” which implicitly confirmed the model’s legality. This paper examines the legal and ethical concerns arising from these rulings, their implications for user privacy, and proposes regulatory solutions to strengthen privacy protections.
Risks of Contradiction and Uncertainty
First, since the opinion from EDPB on Pay-or-Consent Model is not legally binding, national Data Protection Authorities (DPAs) are not required to enforce it. As a result, platforms like Meta can theoretically continue using Pay-or-Consent model while waiting for further legal challenges, exploiting this regulatory uncertainty. However, this model is economically coercive which contradicts the principle of free consent under the Article 4(11) GDPR. If some users—particularly lower-income groups—must choose between being tracked or paying a fee to protect their privacy rights, their consent is not truly voluntary. Those who cannot afford the fee may feel pressured into consenting, which also undermines Recital 42 of GDPR, which states that consent is not freely given if the user lacks a genuine choice or faces detriment for refusing or withdrawing consent.
Second, the CJEU’s Bundeskartellamt ruling allows platforms to charge privacy fees as long as they are “appropriate”, but it does not define what “appropriate” means. This lack of clarity leads to inconsistent interpretations across EU jurisdictions, where one regulator may see a fee as fair, while another may deem it coercive. Without an objective legal standard, this ambiguity benefits businesses like Meta by allowing them to justify charging high fees. For instance, a company can argue that its high subscription price is justified by the revenue lost from ad-tracking restrictions. Moreover, the CJEU’s implicit confirmation of Pay-or-Consent model contradicts GDPR’s principle of free consent. Even if the fee is deemed “appropriate,” requiring users to pay to withdraw consent still fails to ensure that consent is truly voluntary.
Risk of Monetizing a Fundamental Right
More importantly, the two opinions raise a serious concern—whether privacy is becoming a privilege for those who can afford it rather than a fundamental right for all. The CJEU’s ruling serves as a green light for monetizing privacy, while the EDPB’s recent non-binding opinion functions more like a flashing yellow light—a caution sign warning of risks but unable to stop the practice.
Essentially, regardless of the appropriateness or affordability of the price, the mere trade-off between privacy rights and money undermines the nature of privacy as a fundamental human right. Grounded in both international law (e.g., the Universal Declaration of Human Rights) and domestic laws across multiple jurisdictions (e.g., Article 8 of the European Convention on Human Rights and Article 11 of the American Convention on Human Rights), privacy is recognized as a fundamental human right, essential to dignity and other freedoms—not a commodity to be bought or sold.
Accepting this model sets a dangerous precedent, because it potentially leads to a slippery slope where other fundamental rights (e.g., due process or free speech) could also be subject to similar financial trade-offs. This risks turning inalienable rights into market-driven privileges and undermines the core principles of human rights law.
Risk of Complicating the Already Difficult Process of Obtaining Valid Consent
Under GDPR, the most crucial requirement for conducting behavioral advertising is obtaining explicit, informed, and freely given consent. However, even though the law mandates this, ensuring valid consent in practice remains highly challenging. Organizations frequently use complex language, deceptive interface designs (i.e., dark patterns), and lengthy privacy policies to nudge users toward agreement. These tactics contribute to consent fatigue, where users accept terms without fully understanding the implications. The Pay-or-Consent model further complicates this issue by adding another layer of complexity, as users must evaluate financial trade-offs in addition to understanding the terms before deciding whether to opt in or out of tracking. This further undermines the principle of freely given consent and makes obtaining valid consent even more challenging.
Solutions
The following solutions could help address the risks identified above: First, to prevent the monetization of privacy as a fundamental right, the EDPB’s non-binding opinion could be codified into law to explicitly prohibit platforms from charging users for the right to refuse data tracking. Second, as an alternative, platforms could be required to offer a free version of their service that relies solely on contextual advertising, rather than behavioral tracking. This would ensure that users have a truly privacy-friendly alternative without being forced into tracking. Thirdly, if a complete ban on the Pay-or-Consent model is deemed impractical, the CJEU may establish a clear, objective standard for what qualifies as an “appropriate” privacy fee. It could also issue price guidance to prevent platforms from setting excessively high privacy fees that effectively coerce users into tracking (e.g., the fee must be strictly proportionate to actual lost ad revenue, rather than an arbitrarily high charge).
You are entitled to restrict access to your paper if you want to. But we all derive immense benefit from reading one another's work, and I hope you won't feel the need unless the subject matter is personal and its disclosure would be harmful or undesirable.
To restrict access to your paper simply delete the "#" character on the next two lines:
Note: TWiki has strict formatting rules for preference declarations. Make sure you preserve the three spaces, asterisk, and extra space at the beginning of these lines. If you wish to give access to any other users simply add them to the comma separated ALLOWTOPICVIEW list. |
|