What's illegal about it? It's their service. If they don't want to provide it then they don't have to, including ads if necessary to offset costs. Your choice is to not use it. You can't demand it in whatever way you want if it costs them to serve you.
I want to buy a car without emissions control or catalytic converter, running on leaded fuel. I want to burn that old smokey coal in my home and factory again.
All things laws have forced makers not to do. This is just the same, except it concerns misuse of personal data.
A company that requires ads and data to pay for the service cannot be forced to provide that service without those ads and data at no cost to a user. The choice is freely given as a user by not giving consent to data, which means the site doesn't offer the service.
>cannot be forced to provide that service without those ads and data at no cost to a user. //
AIUI the GDPR means you can't exclude users on the basis of their willingness to give up PII. So you're going to need to charge everyone. You can probably refund those who do give your PII, or pay them for it in a more direct way. But you can't offer a service where the only differentiator between access and denial of service is "give us your PII"?
The PII is necessary to pay for the content. If you don't give consent then they can't process the data and cant offer you the service. Necessary requirements are allowed under GDPR.
GDPR can prevent extraneous data capture but it can't force companies to provide services without compensation.
When you go to the shop and buy a book, do they ask for PII instead of money? It doesn't seem necessary, just the particular way that people have chosen to do things to hide their taking of payment.
Universal service obligations worldwide. Anti-discrimination laws. Mandatory customer warranties. Regulatory standards. The whole world is replete with examples where regulation places restrictions on goods and services, and the conditions under which they can be offered. It is absolutely feasible to disallow mandatory data collection for services. I am honestly struggling to see what problem you can possibly be seeing with this.
The processing of data is a core part of the service when it's how the service is paid for. Not consenting to your data being processed means the service can't be available. This is perfectly allowed under GDPR.
If you're not paying then the company is, and that's a cost. You can't demand that a service be provided to you for free without some greater provisions that subsidize that service. There's nothing illogical about this.
Your examples aren't the same thing. Regulations on how something is offered while being compensated is different from claiming that a service must be offered even if it can't be compensated. We've already discussed this with some of the biggest law firms in the world and I suggest you talk to counsel if you want further clarity.
Okay, I think we've been talking at cross-purposes, and you're arguing that (in the case of free-to-view sites) targeted advertising is a "legitimate interest". Here is the situation as I understand it:
1. Companies can offer services which exploit personal data as part of their commercial business plan.
2. That collection must be reasonably described as a "legitimate interest" for the purposes of establishing a lawful basis for processing under the GDPR.
3. The "legitimate interest" in this case must be such that the site could not reasonably operate without targeted advertising. on order for explicit consent (and the associated option to opt-out) to not be required.
If I understand you correctly, then I agree that if you can construct a valid "legitimate interest" in this vein then you could reasonably require visitors to accept targeted advertising, without it being a GDPR violation. It wasn't clear from your argument that this was what you were saying – statements like "you cant force companies to provide a service at cost to them" are simply not accurate, because it is entirely reasonable and common that regulations require companies to provide services with certain conditions attached (indeed, the GDPR is one of these when you are operating on the "lawful basis" of consent). And further, it is entirely feasible for a regulation to be incompatible with an existing business model, such that a company would no longer be able to offer a service at all (if, for example, TechCrunch were unable to make enough income though non-customised advertising).
However, this position is _far_ from being as clear as you seem to suggest. It is heavily disputed whether or not "online behavioural advertising" constitutes a "legitimate interest" under the GDPR. There are several outstanding complaints on this matter and the question of whether or not OBA can constitute a "legitimate interest" is not at all settled.
That is a creative interpretation that does not seem in line with the text of the GDPR.
> Consent should not be regarded as freely given if the data subject has no genuine or free choice or is unable to refuse or withdraw consent without detriment.
I don't think 'we want to sell your information for money' would be considered a necessary part of whatever webservice/website you offer, given that you could choose a different way to monetize it. Thus you need consent, but clearly the situation you present does not meet the definition of 'freely given. But I hope we will soon see this issue being decided in court.