lock-5459714_1920

Privacy Rights and it’s Challenges – 6 Years of GDPR

Six years since GDPR came into force, the promise of stronger data protection is being undermined by the rise of “pay or consent” models. These business practices offer users a stark choice: pay a fee to safeguard their privacy or consent to intrusive data tracking for targeted advertising. This approach challenges the essence of GDPR, which requires consent to be freely given and informed.

Meta rolled out its “pay or consent” model in October 2023, and is not the only offender; these models are widespread and almost standard practice for thousands of companies. Whilst the EU has started to address the issue, there remains no clear and comprehensive stance on the incompatibility of such models with human rights. The recent Meta announcement of a new version of “pay or consent” illustrates that by only addressing the symptoms of “pay or consent”, the core issues underpinning the model will never be rectified. As stated in the report, offering a reduced price and a third option with less personalised advertisement does not fix the problem.

The Emergence of “Pay or Consent”

Under these models, companies commoditise privacy, turning it from a universal right into a luxury product. Users unable to afford the cost are coerced into agreeing to invasive tracking practices, allowing companies to harvest vast amounts of personal data. While this may benefit businesses, it undermines individual autonomy, widens social inequality, and erodes public trust in digital services.

The European Data Protection Board (EDPB) and other regulatory authorities have criticised these models, emphasising that genuine consent must be free of coercion or detriment. Yet inconsistent enforcement has enabled companies to exploit legal grey areas, bypassing GDPR’s requirements.

Privacy as a Human Right

The commoditisation of privacy has significant consequences. It creates a two-tiered digital society where only the financially privileged can protect their data. This deepens the digital divide and perpetuates social inequality. Moreover, behavioural advertising which is central to these models, raises concerns about discrimination, manipulation, and heightened security risks.

The European Charter of Fundamental Rights affirms that privacy is inalienable and cannot be treated as a commodity. However, gaps in enforcement have allowed corporations to place profit over people’s rights, jeopardising both individuals and communities.

The Need for Stronger Enforcement

To address these challenges, regulators must prohibit “pay or consent” practices. Clearer guidelines are necessary to close existing loopholes and ensure consistent enforcement across EU member states. Additionally, fostering privacy-friendly business models, such as contextual advertising, can balance user rights with sustainable revenue streams.

A Call to Action

As GDPR reaches a pivotal moment, the future of data protection depends on the EU’s resolve to uphold its principles. Will privacy remain a fundamental right, or will it become a privilege for the few? Ensuring a fair digital future means reaffirming privacy as a universal right, demanding transparency, and fostering innovations that respect individual freedoms.

At GDPR Register, we empower businesses to navigate the complexities of GDPR compliance with ease.

Our platform streamlines data protection processes, offering tools for automated assessments, risk management, and consent tracking. With our innovative solutions, companies can maintain compliance while fostering trust with their customers.

By leveraging AI-powered insights, we help organisations identify and address privacy risks proactively. Whether you’re a small business or a large enterprise, GDPR Register ensures that compliance is both efficient and cost-effective, enabling you to focus on growth while upholding the highest standards of data protection.

Curious to learn more?

Source:
This blog post is based on insights from “Six Years of the GDPR: Priced Out of Privacy?”, published by Access Now in November 2024.

Image by 
Megan Rexazin Cond

Get your compliance organized with proper GDPR tools.
Contact us for a demo and get access to 14-day trial.

Save time and be confident

Latest Posts
Your Essential Guide to Developing a Data Breach Response Plan

Your Essential Guide to Developing a Data Breach Response Plan

The General Data Protection Regulation (GDPR) places significant emphasis on securing personal data, particularly in Articles 32-34, which outline requirements...
Biometric Data and GDPR: Key Considerations

Biometric Data and GDPR: Key Considerations

Biometric data is classified by the GDPR as a special category of personal data, subject to enhanced protection. This means...
Why ‘I Don’t Allow Meta’ Posts Don’t Work and What to Do

Why ‘I Don’t Allow Meta’ Posts Don’t Work and What to Do

Every so often, viral posts resurface on Facebook and Instagram declaring:"I do not allow Meta to use my data, pictures,...
GDPR Fine of €475 Million for Netflix: Top 5 Lessons for Everyone

GDPR Fine of €475 Million for Netflix: Top 5 Lessons for Everyone

Netflix is at the centre of a data privacy cliffhanger as the Dutch DPA indicates it is likely to be...
How to Avoid ICO Fines: Lessons from Recent GDPR Spam Text Penalties

How to Avoid ICO Fines: Lessons from Recent GDPR Spam Text Penalties

Lessons for Legal Teams: Avoiding Costly Mistakes in Data Privacy ComplianceData privacy is no longer a secondary concern for businesses—it's...
Privacy Rights and it’s Challenges – 6 Years of GDPR

Privacy Rights and it’s Challenges – 6 Years of GDPR

Six years since GDPR came into force, the promise of stronger data protection is being undermined by the rise of...
Staying Ahead of GDPR Compliance: Lessons from LinkedIn’s €310 Million Fine

Staying Ahead of GDPR Compliance: Lessons from LinkedIn’s €310 Million Fine

LinkedIn Ireland was recently fined a record-breaking €310 million by the Irish Data Protection Commission for GDPR violations, underscoring the...
Preparing Your Small Business for GDPR Compliance

Preparing Your Small Business for GDPR Compliance

The General Data Protection Regulation (GDPR) is a European Union law that protects the privacy and personal data of individuals...
The GDPR Data Map – Your Complete Guide

The GDPR Data Map – Your Complete Guide

The General Data Protection Regulation (GDPR) is a European regulation establishing the framework for personal data protection of individuals in...
GDPR in Healthcare: Compliance Guide

GDPR in Healthcare: Compliance Guide

Since General Data Protection Regulation (GDPR) entered into force, the personal data protection has become more challenging to the Healthcare...