Is EU's fight against the "pay or consent model" about generally restricting the commercialization of private information?

Suppose that Meta obeys EU's will, and becomes paid only (I know, absurd, but this is just an example). Also, I fund a company that pays you for installing our spyware on your phone. Now people can use Meta by selling their PII, with an extra step.

Would be my business legal in the EU? If so, what makes Meta's "pay or consent" model special?

Edit, for clarity: Does the EU want to restrict the commercialization of PII in general (my company would be illegal, you can't deal PII here), or do they only see "pay or consent" as naughty? If the latter, why?

#privacy #EU

@buherator it's all about consent. it cannot be that you can only decline consent if you pay, but not decline consent if you are in the freemium model. people must be able to give or decline their consent without having to pay for the loss of profit for doing so to the company. so it is totally ok to commercialize PII if the subjects do consent.

@stf OK so the users of my theoretical company definitely give consent (you don't have to install my app if you don't want to sell your PII), and can subscribe to paid FB with the money they earn. This is fine, right?

My point would be that this is the same as "pay or consent", only the latter is much more user-friendly.

E.g. FB can copy/buy my company, and create an USD balance for each user, that grows with harvested data and drains with social interaction.

OK I read up on this and things are becoming clearer.

DMA is not a privacy but an anti-trust regulation, so it works that way, _selectively_ regulating entities based on their market power. So the problem is not the "pay or consent" model, but Facebook specifically hoarding data. If my theoretical micro company wanted, it could operate like this.

I'm not sure though, that attacking a problem this way wouldn't result in small enough players hoarding data until they grow large enough to be regulated (the seeds of the problem remain)? Is having a number of small data hoarders qualitatively better than having one large one (considering all of the loot can be bought by EvilCorp)?

I guess such questions will be resolved in new anti-trust cases, lawyers need to put food on the table...

/cc @stf

@buherator the "pay or okay" model is contested by noyb and they have a good explanation why that is bad: https://noyb.eu/en/noyb-files-gdpr-complaint-against-meta-over-pay-or-okay

@stf I think I saw this one and it may be what confused me in the first place! I'll have to read up on this again though...

@stf OK so I read that piece again and I find it very manipulative with slippery slope arguments and implying that FB (and other social media) is a public utility that people just _must_ use. This is wrong.

A reasonable point they make is that a) ppl seriously undervalue their data and at the same time b) FB overprices privacy even compared to its real market value. This effectively means that FB has an obscene EUR/privacy exchange rate, that probably should be sanctioned. Point a) is still a major issue though, and "pay or consent" may have the benefit of showing people how much value their data has (similarly to how price tags without VAT help you understand how much money the gov is really taking from you when you face the real cost of your basket at check out).

As for going against a single business model (instead of regulating the exchange of particular goods in general), see my previous argument.

@buherator i think the essence is this:

> Under EU law, consent to online tracking and personalized advertising is only valid if it is “freely given”. This is to ensure that users only give up their fundamental right to privacy if it is their genuine free will to do so. Meta has now implemented the exact opposite of a genuinely free choice: Facebook alone will introduce a “privacy fee” [..] if users do not consent to their personal data being processed for targeted advertising.

@stf As I see the choice is this: Do I want to use FB's services for a given price (denominated in EUR or personal data)? This is the same choice we make with every purchase.

@buherator do i sell my personal data with every purchase? it is possible not do so, but it is becoming more and more difficult, bringing out the hammer is good, so the choice remains, no?

@stf You're right, not every purchase can be made with the same currencies, but that's beside the point. The decision is if you make the purchase or not.

Previously your purchase was just hidden, and without alternative currencies.

Wow, I didn't know this cash-for-data scheme was actually implemented, but apparently it was, by FB itself :O

https://techcrunch.com/2019/01/29/facebook-project-atlas/

/cc @stf