Centre for a Digital Society, Video here.
These are my very rough talking points on pay or okay in full length (more than I actually had the chance to say)
As we all know, contestability is one of the DMA’s two primary
objectives, the other being fairness. The recitals that specifically refer
to the obligations under Article 5(2) expressly address the goal of
contestability.
The General Court in its recent decision Bytedance ruling
dismissing ByteDance’s action seeking the annulment of the
European Commission’s designation decision of its TikTok service
defines the objective of ensuring the contestability of markets as the
ability of undertakings to effectively overcome barriers to entry and
expansion and challenge the gatekeeper on the merits of their
products and services. Importantly the Court also pointed out that the
purpose of the DMA is to ensure the contestability of the position of
gatekeepers not only by other gatekeepers but also, or even especially,
by other operators which are not gatekeepers for a given CPS.
contestability’ relates above all to the ability of undertakings which
are not gatekeepers for a given CPS to challenge those gatekeepers on
the basis of the merits of their products and services.
What this provision aims to address are the advantages in terms of
data accumulation, thereby raising barriers to entry, from which
gatekeepers benefit. Thus, it aims to ensure that gatekeepers do not
unfairly undermine the contestability of core platform services.
Meta presented the pay or okay model as its compliance solution with
Article 5(2) to the Commission. The issue before us is not so much
whether the solution for compliance with Article 5(2) abstractly
conforms to the objective of ensuring contestability, this is not how
the DMA is supposed to work, but whether it is directly compliant
with the obligations set forth in Article 5(2). Therefore, we must look
to the letter and spirit of the obligation.
The pay or consent model presents users with a binary choice. Either
users subscribe for a monthly fee to an ads-free version of these social
networks or to a free-of charge access to a version of these social
networks with personalised ad. Users who do not consent if they want
to continue using the service have to pay a monthly fee.
This is clearly in breach of the DMA
In terms of legislative history of the DMA it should be remembered
that the elements laying down the requirements for consent under
the DMA reveal that the legislators were very well aware of the
shortcomings surrounding consent. As a matter of fact, the rapporteur
proposed to remove the option of consent, arguing that informed
consent is “virtually unachievable” and instead opt for an outright
prohibition. Recital 36 emphasizes the necessity for gatekeepers to
enable end users to freely choose to opt-in to data processing by
offering a less personalized but equivalent alternative. This is the
condition specified by the DMA to ensure that the user is able to
choose freely.
In order to be compliant what should Meta do then?
First, users who do not consent should have access to a less
personalized service. It should be noted that in this case, "less
personalized" refers to the personalization of advertising – meaning a
service that uses less data.
Second, users who do not consent should have access to those social
networking services are free. Otherwise this wouldn’t be equivalent to
Meta’s social networking services which are also free. A paid
subscription is not a valid equivalent to free access.
Commission officials noted that Meta could still offer a subscription
option, but any paid choice would need to be an additional offer (i.e. a
third choice) on top of a free equivalent that does not demand users
consent to being tracked.
I think the DMA is clear and that Meta's pay or okay is in breach of the letter of the
DMA. I find it quite surprising that this was proposed as a compliance
solution, and the Commission must conclude the proceedings by
reaching an infringement decision. Therefore, if users do not have
access to a less personalized but equivalent alternative, there isn't a
true choice, and it cannot be said that users are able to freely choose.
The pay or okay model is thus non-compliant because it does not
allow users to exercise their right to freely consent to the combination
of their personal data. Consequently, citizens aren't able to take
control of their data.
Obviously, Meta claims that it is compliant with the DMA. They also
argue that their pay or okay model was legitimized by the Court of
Justice in the Meta ruling. This preliminary ruling, as I believe we all
know here, stems from the German Facebook saga, which the
Bundeskartellamt has recently managed to conclude.
The judges stated in that ruling that a paid version of a service may be
offered as an alternative to tracking ads, provided that the fee is
appropriate and only if necessary - le cas écheant (cumulative conditions). In the
DMA context, the gatekeeper would therefore have to argue why a
fee falls into "le cas échéant."
But is that fee truly really meets le cas échéant? In reality, Meta could offer an
alternative service with ads that do not rely on any personal data for
targeting — such as contextual advertising. Meta has never explained
why it has not offered users a free, contextual ads option.
Is the pay or consent model a complex case under the DMA that
requires numerous panels? I would not say so, and the Commission is
right to proceed swiftly to an infringement decision. This obligation is
clear enough to be self-executing.
This does not mean dealing a fatal blow to targeted advertising. No,
because those users who prefer it can choose it, but those who do not
want it can also make a choice.
It's not that a paid option cannot be offered, but there must also be an
equivalent and free option available. At this point, this offering could
be supported in another way, such as through contextual advertising.
Users who are also allergic to contextual advertising can choose to
pay for an ad-free option.
A model like the pay or okay, which is likely in breach of data
protection laws, consumer protection laws, and the DMA, and could
potentially also be an abuse of a dominant position, cannot be
tolerated. Additionally, the Commission has issued a Request for
Information (RFI) under the DSA, asking Meta to provide additional
information on the measures it has taken to comply with its
obligations concerning Facebook and Instagram's advertising
practices, recommender systems, and risk assessments related to the
introduction of that subscription option.
Some final considerations.
The EU legislator, through the DMA, has
taken seriously the need to ensure that consent is freely expressed,
even when dealing with a gatekeeper, and has provided gatekeepers
with the opportunity to adapt. In some ways, the Court of Justice's
ruling in Meta reflects some concepts of the DMA. Of course, the
reference to an appropriate payment if necessary ("le cas échéant") must be interpreted
restrictively because it involves a fundamental right whose exercise
should not become a privilege for the few.
Here, data protection, consumer protection, and the DMA are aligned,
which is also a sign that various enforcers can in some cases
cooperate well with each other. This pay or ok model must be
abandoned, and the sooner an enforcer achieves this ultimate goal, the
better. The EDPB expansively interprets the GDPR to introduce an
additional requirement, namely the requirement to provide a “free
alternative without behavioural advertising”. This would in effect be a
quasi-mandatory condition for obtaining valid consent.
Meta will therefore need to truly comply and adopt a different
solution. The alternatives must be compliant not only with the DMA
but also with the GDPR and consumer protection laws, of course.
The Meta ruling was significant, but the DMA had already anticipated
many of the points made by the judges, including the topic of
forward-looking collaboration among enforcers. A prime example of
this is the High Level Group. From the outside, it already appears to
be a very important institution in the DMA regulatory framework.
From the perspective of civil society, we would appreciate greater
transparency of its workings and, perhaps exceptionally, an invitation
to participate
The German Facebook saga has recently concluded. Long live Article
5(2) DMA?
Certainly, but also long live Section 19(a) of the GWB.
It would be better if other national authorities adopted similar
provisions to alleviate the burden on Article 102 concerning the abuse
of a dominant position. We'll see if the announced Draft Guidelines
can somehow make this article more manageable, but at the moment,
there may be many reasons to doubt it.
In concluding the Facebook proceeding, the Bundeskartellamt clearly
stated that not taking enforcement action based on its February 2019
decision does not imply Meta's behavior is fully compliant with
obligations under competition, data protection, consumer protection
laws, and the DMA. It suggested that other authorities could use their
powers to further improve Meta's service offerings, turning the
situation into a relay where the Bundeskartellamt's conclusion serves
as a launch point for further enforcement by others. This indicates that
improvements might also come from applying GDPR principles such
as data minimization.
Final reflection: it’s not about praising the DMA as such, but this
specific provision is well-crafted and highly targeted. It anticipated
developments that we later saw concerning the GDPR and
complements consumer protection effectively. Other provisions may
be less so. The synergy with Section 19a of the GWB is particularly
promising, and it's unfortunate that authorities in other Member States are not equipped
with similar measures in their own legislations.
