[dtech]

It's been a while since I read the GDPR so I could misremember, but I don't remember anything similar to this assertion.

While I don't think it will work on the scale FAANG wants (see e.g. Youtube premium), what is the legal roadblock to let users chose between tracking or paying for the service?

[whimsicalism]

It is literally illegal in the EU, I am pretty familiar with this regulation. This is both from ECJ decisions on gdpr and will also be codified in the DMA

[cccbbbaaa]

It's legal in France: https://www.cnil.fr/fr/cookies-et-autres-traceurs/regles/coo... https://www.cnil.fr/fr/cookies-et-autres-traceurs-le-conseil... https://www.dataguidance.com/opinion/france-cnil-opens-door-...

In Germany too, if I remember correctly.

But if you are so sure about this, please sue so we can get rid of these cookie walls!

[Nextgrid]

Germany has recently ruled this illegal: https://noyb.eu/en/pay-or-okay-tech-news-site-heisede-illega...

[cccbbbaaa]

>Although it took the view that “Pay or Okay” could be permissible in principle, it found that the approach taken by the news outlet didn’t comply with the law because it didn’t provide the option to specifically consent to certain purposes

Not illegal then.

[whimsicalism]

Cheers. It is comical that so many in this thread are suggesting that the GDPR is super clear and not subject to uncertainty given this crazy patchwork of decisions and countermands.

[Nextgrid]

It's only unclear if your business model is malicious and relies on finding innovative ways to breach it and pretend it's compliant.

The regulation is very clear: non-functionally-essential data processing requires explicit consent. If in doubt, err on the side of caution and use consent and opt-in rather than another legal basis such as legitimate interest. Business models based on stalking or spamming are no longer allowed.

Keep in mind that the objective of the regulation is not some punitive shake-down but to give people rights on how their data is used. A good-faith effort that accidentally falls short will be given guidance and a reasonable timeline to implement changes - there's no risk to ever get a fine as long as you err on the side of caution. You can also proactively ask your local regulator for guidance if something is unclear.

[whimsicalism]

Your own link indicates that they have gone back and forth on the guidance around "opt in or pay" models three times already.

As I have said, this model attempts to enshrine free ridership, which might work while there is the rest of the world subsidizes it, but it is not a sustainable model to force tech companies to serve users at a loss.

The objective of the DMA which will serve to enshrine the illegality of these models is to target American tech companies and European legislators have explicitly stated as such.

[alkonaut]

It's still very up-in-the-air since the EU-wide regulation should be uniform. I hope the pendulum eventually stops in a way more privacy friendly place than those recent french ones. Yes it would be a pretty harsh stroke for the business model of some companies (social media, for example) but the alternative seems much worse.

[whimsicalism]

Fair enough, these decisions are recent and are in conflict with other decisions in other countries around the GDPR as well as past guidance from European regulators (the EDPB explicitly said that this was not allowed in 2020). I also don't think you can really say with a straight face that this is a decision that a company like Meta could comfortably rely on, the regulatory uncertainty here is still extremely high.

It also requires a court to decide that your fee is a “reasonable” one and you cannot just refuse access outright - you must make your content available to the non-consenting user.

Regardless, all of this will be illegal anyways once the DMA comes into effect. And I still think, national exceptions aside, that my description of the current state of EU law was accurate:

"The prevalent regulatory approach in Europe is that currently advocated by the European Data Protection Board ('EDPB') in its Guidelines 05/2020 on Consent under Regulation 2016/679 whereby the EDPB provides in no uncertain terms that '[i]n order for consent to be freely given, access to services and functionalities must not be made conditional on the consent of a user to the storing of information, or gaining of access to information (paragraph 39 of the Guidelines)'." [0]

[0]: https://www.dataguidance.com/opinion/france-cnil-opens-door-....