The Hidden Reason Why Europe Has Turned Meta’s “Pay or Okay” into a Competition Issue
European Publishers to Meta: “Personalized ads for me but not for thee”
Recently, European officials leaked that a non-compliance decision in the European Commission’s (EC) Digital Markets Act (DMA) investigation against Meta was imminent. It’s a unique and puzzling investigation, particularly given developments since the launch of the proceedings. Alongside the European Commission, European data protection regulators are also chasing Meta for the same conduct.
In April, the European Data Protection Board (EDPB) issued an opinion on the issue under investigation: Meta’s offer of a subscription-service option as an alternative to the existing personalised advertising-supported version of its social media services.
So why would the Commission bring a case under the DMA if it’s already covered by data protection authorities?
Differences in the application of the laws suggest enforcers are more concerned with particular outcomes rather than principles.
European Regulators’ Attack on Ad-Supported Content
European policymakers have for some years considered the largest US tech companies’ success to be derived not from their ingenuity, management, and hard work, but from the value they derived from their access to user data. The prevailing logic was that by limiting their data access and data processing, European tech companies would become more competitive.
This, combined with sometimes dystopian fears around personalised digital services, has led some European policymakers to forgo ad-supported digital services altogether. European Commission Vice-President and Commissioner for Competition Margrethe Vestager famously once said:
“I would like to have a Facebook in which I pay a fee each month, but I would have no tracking and advertising and the full benefits of privacy.”
European policymakers passed the General Data Protection Regulation (GDPR) in 2016 with the dual aim of facilitating data-flows and data-driven businesses within Europe, while preserving data protection. In January 2023 the Irish GDPR enforcer fined Meta a record-breaking €390 million for processing user data on the basis of contract and legitimate interests (to deliver social media and personalised advertising). The ruling, forced on Ireland by the European Data Protection Board (EDPB), meant that Meta has to offer a version of Facebook and Instagram that does not rely on personalised advertising.
In parallel, the German competition authority went after Meta under competition law, alleging that its data processing was more than was necessary to deliver the service and therefore an abuse of dominance. The case made its way to the European Court of Justice, where the Court upheld the theory of harm, but noted that under the GDPR, users that do not consent to personalised advertising “are to be offered, if necessary for an appropriate fee, an equivalent alternative not accompanied by such data processing operations.” (para. 150)
To comply with its GDPR obligations, and in line with the Court’s ruling, Meta offered a “pay or OK” option: users could either pay a €9.99 fee each month, and have no tracking or advertising, or choose to continue with their free, personalised advertising option.
Commission officials voiced their displeasure, because it revealed a harsh reality: users don’t want to pay a fee each month, they prefer free media supported by personalised advertising. Nevertheless, in response to the pressure, Meta lowered the fee even further, bringing it below the cost of comparable media.
Unfortunately this still wasn’t enough. Data protection authorities demanded an opinion from the EDPB, and Vestager opened a case under the EU’s newly enforceable Digital Markets Act. While both of these cases seek to accomplish the same objective, there’s an important distinction in the law that explains the parallel proceedings.
Stepping in to Save the EDPB from Itself
Forced to issue an opinion on the “Pay or OK” model, the EDPB faced a dilemma. On the one hand, pressure to find Meta’s model illegal, on the other hand, knowledge that the GDPR applies to all companies and an interpretation that prohibited the model would equally condemn pay-walls for major publishers. For European policymakers it seems, the DMA is the third-way out. But it’s not perfect either.
The Commission’s DMA non-compliance investigation against Meta states that it is under Article 5(2) of the DMA, which requires gatekeepers to obtain consent from users when they intend to combine or cross-use their personal data across different core platform services.
“The Commission is concerned that the binary choice imposed by Meta’s ‘pay or consent’ model may not provide a real alternative in case users do not consent, thereby not achieving the objective of preventing the accumulation of personal data by gatekeepers.”
What’s remarkable is that this objective cannot be found anywhere in the DMA itself. It’s a big stretch to insert it, but doing so allows the Commission to prohibit the “Pay or OK” model by Facebook (a designated “gatekeeper” under the DMA), without condemning it for all European publishers (so they can still have their paywalls).
This insight seems further confirmed by the EDPB April opinion on “Pay or OK”.
In it, the EDPB strains itself to justify condemning “Pay or OK”, but goes far beyond the text of the GDPR, introducing the concept of a “very large online platform” (for GDPR purposes, distinct from DSA purposes) to which different rules apply. This isn’t supported by the text and it’s hard to see it surviving in Court, but again spares publishers from having to offer their services for free. Apparently, that’s only a requirement imposed on US tech platforms.
Enforcement under the DMA could very much be challenged in Court as well, but the DMA instrument gives the EC so much discretion and power over so many of Meta’s services, it might be harder to sustain.
If left unchallenged, that means EU enforcers will be able to prevent “big tech” from offering advertising-supported media, while maintaining that possibility for European publishers. A two-tiered system of data protection, whereunder legacy publishers can get away with offering a lower standard of data protection in Europe.
Chamber of Progress (progresschamber.org) is a center-left tech industry association promoting technology’s progressive future. We work to ensure that all people benefit from technological leaps, and that the tech industry operates responsibly and fairly.
Our work is supported by our corporate partners, but our partners do not sit on our board of directors and do not have a vote on or veto over our positions. We do not speak for individual partner companies and remain true to our stated principles even when our partners disagree.
