Cheers. It is comical that so many in this thread are suggesting that the GDPR is super clear and not subject to uncertainty given this crazy patchwork of decisions and countermands.
It's only unclear if your business model is malicious and relies on finding innovative ways to breach it and pretend it's compliant.
The regulation is very clear: non-functionally-essential data processing requires explicit consent. If in doubt, err on the side of caution and use consent and opt-in rather than another legal basis such as legitimate interest. Business models based on stalking or spamming are no longer allowed.
Keep in mind that the objective of the regulation is not some punitive shake-down but to give people rights on how their data is used. A good-faith effort that accidentally falls short will be given guidance and a reasonable timeline to implement changes - there's no risk to ever get a fine as long as you err on the side of caution. You can also proactively ask your local regulator for guidance if something is unclear.
Your own link indicates that they have gone back and forth on the guidance around "opt in or pay" models three times already.
As I have said, this model attempts to enshrine free ridership, which might work while there is the rest of the world subsidizes it, but it is not a sustainable model to force tech companies to serve users at a loss.
The objective of the DMA which will serve to enshrine the illegality of these models is to target American tech companies and European legislators have explicitly stated as such.
No, it makes it a legal method of payment as long as you permit free riders or alternatively you can pull up the drawbridge and charge all users for it, preventing poorer people from using the largest public squares in the world.
Free access to global communication is not a bad thing.
But this is besides the point: the guidance is absolutely not clear and if local regulators cannot even get their story straight I am not sure how you expect foreign companies to figure it out. And collecting information about how users use your property is not stalking.
> preventing poorer people from using the largest public squares in the world.
Advertisers aren't charities and the purpose of advertising is ultimately to drive profit. Subsidizing poor people is not in their interest.
The fact that poor people can currently access things for free is a result of imprecise targeting. If there was a way for advertisers to reliably tell apart poor people from the rich ones they'll happily block the poor ones.
Without laws like the GDPR in place to curtail data collection and profiling, it's only a matter of time before more and more data is collected to enable this kind of targeting and lock out poor people too.
> Free access to global communication is not a bad thing.
Global communication being subsidized (and thus controlled) by a handful of commercial interests is very dangerous.
> And collecting information about how users use your property is not stalking.
I'm not talking about basic self-hosted (very important difference!) web analytics or server logs here, I'm talking about large-scale stalking such as what Google/Facebook or any major ad provider does. The information they collect go way beyond what the user does on their platforms.
> The fact that poor people can currently access things for free is a result of imprecise targeting. If there was a way for advertisers to reliably tell apart poor people from the rich ones they'll happily block the poor ones.
You are absolutely wrong about that and you do not understand the business model. I am not saying it has anything to do with the goodness of their heart but this is absolutely not something that would be in their interest. They benefit from the networks effects just like the users do.
> Advertisers aren't charities and the purpose of advertising is ultimately to drive profit. Subsidizing poor people is not in their interest.
It is possible for self-interested action to have knockoff positive effects. In fact, it is actually quite common: most exchanges are mutually beneficial.
> I'm not talking about basic self-hosted (very important difference!) web analytics or server logs here, I'm talking about large-scale stalking such as what Google/Facebook or any major ad provider does. The information they collect go way beyond what the user does on their platforms.
If you read my original comment, you would see that I am in favor of banning cross-site stalking but that is both not what Meta is being fined for here and not the only thing the GDPR/DMA prohibits.
Targeting based on only your own platform is a good middle ground.
The regulation is very clear: non-functionally-essential data processing requires explicit consent. If in doubt, err on the side of caution and use consent and opt-in rather than another legal basis such as legitimate interest. Business models based on stalking or spamming are no longer allowed.
Keep in mind that the objective of the regulation is not some punitive shake-down but to give people rights on how their data is used. A good-faith effort that accidentally falls short will be given guidance and a reasonable timeline to implement changes - there's no risk to ever get a fine as long as you err on the side of caution. You can also proactively ask your local regulator for guidance if something is unclear.