‘Pay or Consent’ Model Breaches Rules

Following an investigation into whether the big tech companies are complying with the new Digital Markets Act (DMA) rules, the European Commission’s preliminary findings say that Meta’s ‘Pay or Consent’ model for data-sharing is in breach of its new rules. 

Investigation 

The European Commission (EC) launched an investigation into Google, Apple, and Meta to determine if their practices comply with the DMA. This (still ongoing) inquiry has been focused on potential violations by these tech giants that may undermine fair competition and consumer protection in the digital market. 

Google and Apple, for example, are under scrutiny over their app store policies and possible restrictions on third-party developers, which could inhibit competition. The investigation into Meta centres on its ‘pay or consent’ model. 

The Commission is essentially aiming to ensure these companies do not misuse their ‘gatekeeper’ positions to engage in unfair practices, restrict consumer choice, or impose discriminatory conditions. The investigation could result in significant penalties and mandated changes to their business practices to comply with the DMA. 

What Is Meta’s Pay Or Consent Model? 

The ‘pay or consent’ model is a business practice where users are given a binary choice between two options – either pay a fee for a service or consent to having their data collected and used for targeted advertising. In November 2023, in response to regulatory changes in the EU, Meta introduced its binary ‘pay or consent’ offer. This means that EU users of Facebook and Instagram must choose between: (i) the subscription for a monthly fee to an ads-free version of these social networks or (ii) the free-of-charge access to a version of these social networks with personalised ads. 

The Preliminary Findings – Why Is ‘Pay or Consent’ Not Acceptable Under The DMA Rules? 

The European Commission says it has informed Meta of its preliminary findings that its ‘pay or consent’ advertising model fails to comply with the Digital Markets Act (DMA). The Commission says, in its preliminary view, “this binary choice forces users to consent to the combination of their personal data and fails to provide them a less personalised but equivalent version of Meta’s social networks”. 

According to the European Commission, Meta’s ‘pay or consent’ model breaches Article 5(2) of the Digital Markets Act (DMA) because: 

– It doesn’t allow users to opt for a service that uses less of their personal data but is otherwise equivalent to the “personalised ads” based service.  

– It doesn’t allow users to exercise their right to freely consent to the combination of their personal data. 

The EC says that to ensure compliance with the DMA, “users who do not consent should still get access to an equivalent service which uses less of their personal data, in this case for the personalisation of advertising.” 

What Next For Meta? 

Further to being informed of the EC’s preliminary findings, Meta can now exercise its rights of defence, i.e. by examining the documents in the EC’s investigation file and replying in writing to the EC’s preliminary findings. The EC’s investigation is scheduled to conclude within 12 months from the opening of proceedings (on 25 March 2024). 

What If Meta Is Found To Be Breaching EU Rules? 

If the EC’s preliminary views are found to be confirmed and it decides Meta’s model really doesn’t comply with Article 5(2) of the DMA, it could impose fines up to 10 per cent of Meta’s total worldwide turnover! For repeated infringement, this fine could even be increased to 20 per cent. In the extreme case of “systematic non-compliance”, the EC could take additional measures such as obliging Meta to sell a business (or parts of it) or to ban Meta from acquisitions of additional services related to the systemic non-compliance. 

Constructive 

For the moment, however, the EC says it is continuing “constructive engagement with Meta” to identify a satisfactory path towards compliance. 

What Does This Mean For Your Business? 

The European Commission’s investigation into Meta’s ‘pay or consent’ model is a significant development with broad implications for businesses in the UK and beyond. The Commission’s findings highlight the increasing regulatory scrutiny on how tech giants manage user data and the necessity for compliance with stringent data protection laws like the Digital Markets Act (DMA). 

For Meta, this scrutiny could potentially lead to substantial operational and financial changes. If the investigation confirms the preliminary findings, Meta may face hefty fines, as much as 10 per cent of its global revenue, or even 20 per cent for repeated offences. Such financial penalties would not only impact Meta’s profitability but could also mean a restructuring of its business model in the EU – certainly things that Meta would want to avoid.

At the moment, however, these are only preliminary findings and ‘constructive’ negotiations are under way. It has nevertheless sent a warning shot across their bows that the EC is watching and is serious about enforcement from the outset, thereby underscoring the importance of adhering to regulatory requirements and maintaining transparent data practices. 

Other big tech companies, particularly those operating within the EU, should take note of this investigation. The EC’s rigorous approach is also a signal of a broader regulatory trend that takes consumer rights and fair competition more seriously. Google, Apple, and similar companies must therefore ensure their policies align with DMA provisions to avoid similar investigations and potential penalties. This will mean proactive compliance strategies, where businesses regularly audit and adjust their data handling practices to meet evolving regulatory standards. 

For UK businesses, particularly those in the tech and digital sectors, the implications are twofold. First, understanding and complying with EU regulations remains crucial, especially for businesses with a significant user base or operational presence in Europe. The DMA’s focus on fair competition and consumer protection could lead to stricter data governance requirements, necessitating adjustments in how data is collected, stored, and utilised. 

Secondly, this development may offer a competitive edge to businesses that adhere to ethical data practices and who are transparent. By aligning with regulatory standards and demonstrating a commitment to user privacy, UK businesses can build trust and differentiate themselves in a market increasingly concerned with data protection. 

In essence, therefore, this ongoing investigation into Meta’s practices (as well as Google and Apple) serves as a reminder of the critical importance of regulatory compliance in the digital age, and that the EU area is getting serious about data protection and competition where tech firms are concerned. Businesses should, therefore, stay informed about legal developments, proactively engage with regulatory frameworks, and pay serious attention to matters of user privacy and data governance.