Meta’s pay-or-consent model hides ‘massive illegal data processing ops’: lawsuit – Source: go.theregister.com

Consumer groups are filing legal complaints in the EU in a coordinated attempt to use data protection law to stop Meta from giving local users a “fake choice” between paying up and consenting to being profiled and tracked via data collection.

Essentially, as any of our readers based in the European Union, European Economic Area (EEA) or Switzerland who dabble in Facebook and Instagram will know, Mark Zuckerberg’s company has been rolling out changes to the service in the EU since late last year.

Those of us with aunties on FB or friends on Instagram were asked to say yes to data processing for the purpose of advertising – to “choose to continue to use Facebook and Instagram with ads” – or to pay up for a “subscription service with no ads on Facebook and Instagram.” Meta, of course, made the changes in an attempt to comply with EU law.

But privacy rights folks weren’t happy about it from the get-go, with privacy advocacy group noyb (None Of Your Business), for example, sarcastically claiming Meta was proposing you pay it in order to enjoy your fundamental rights under EU law. The group already challenged Meta’s move in November, arguing EU law requires consent for data processing to be given freely, rather than to be offered as an alternative to a fee. Noyb also filed a lawsuit in January this year in which it objected to the inability of users to “freely” withdraw data processing consent they’d already given to Facebook or Instagram.

Complaints filed by eight European Consumer Organisation (BEUC) members today are based on European data protection law, the General Data Protection Regulation (GDPR) rather than on consumer laws; previous complaints by the group of 19 focused on Meta’s commercial practices, which they said were unfair because it “misleads” consumers into thinking that “by opting for the paid subscription as it is presented, they get a privacy-friendly option involving less tracking and profiling.” Those consumer suits also argued that the platforms’ market dominance meant users didn’t really have a choice.

Today’s GDPR complaints from BEUC argue that Meta’s pay-or-consent model breaches data protection principles of the law, including the principles of purpose limitation, data minimisation, fair processing and transparency, with said processing enabling the company to “infer private details about the consumer.”

The group also claim Meta has no valid legal basis under the GDPR for its data processing for advertising because it relies on consent. It also claims Meta cannot “account for the lawfulness of its processing for content personalisation” because the social media giant doesn’t make it clear that its purpose is necessary for the relevant contract or that the “profiling” is consistent with the principle of data minimisation. Lastly, the Euro groups are claiming in their complaints that the model is inherently unfair because of a “lack of transparency, unexpected processing, [the] use of its dominant position to force consent, and switching of legal bases in ways which frustrate the exercise of data subject rights.”

Each of the groups is expected to file with its own national data protection watchdog today.

• Norway wants Facebook behavioral advertising banned across Europe
• Meta’s data-hungry Threads skips over EU but lands in Britain
• Meta promises UK it won’t pilfer rivals’ ad data to build Facebook Marketplace
• Latest antitrust problem the EU has with Meta? It’s classified

Meta told The Reg it disputes the allegations, adding that it takes “our regulatory obligations extremely serious and are confident that our approach complies with GDPR.”

It added that it believes Meta’s “Subscription for no ads” model “addresses the latest regulatory developments, guidance and judgments shared by leading European regulators and the courts over recent years. Specifically, it conforms to direction given by the highest court in Europe: in July, the Court of Justice of the European Union endorsed the subscriptions model as a way for people to consent to data processing for personalised advertising.”

The lawsuits are the latest in a run for Meta, which has been struggling to conform with EU legislation. Last year it copped a record €1.2 billion GDPR fine from Ireland’s Data Protection Commission for “systematic, repetitive and continuous’ transfer to the US of data belonging to EU residents.”

The social media giant was also forced to wait until December last year to launch its Twitter rival, Threads, in the European Union – a full five months after its release in the rest of the world. The delay, which Meta chalked up to the “unique regulatory requirements” in the bloc, can’t have helped it in the race to ramp up traction in the space, as Bluesky and Mastodon vie to snatch Twitter’s market share after Elon Musk’s company made access to Twitter/X’s API unaffordable for many.

It’s not for nothing that every Meta SEC filing states under Risk Factors that “government restrictions on access to Facebook… or other actions that impair our ability to sell advertising in their countries” could be a problem for the social media giant. And most recently, the EU’s Digital Markets Act and Digital Services Act are keeping the GDPR company after joining that disclaimer in its SEC filings.

Still, it’s not hurting too badly, judging by Meta’s financials. On February 1, 2024, Meta issued its “first-ever quarterly cash dividend.” Meta made $131.948 billion of its $134.9 billion topline in fy2023 from advertising.

Meta said in a 10K earlier this month that its Family of Apps segment (Facebook, Instagram, Messenger, WhatsApp, and other services) revenue in 2023 had increased by $18.56 billion, or 16 percent, compared to 2022, noting that: “The increase was almost entirely driven by advertising revenue.” ®