A European consumer rights consortium has released a scathing new report accusing Meta, the owner of Facebook and Instagram, of using a privacy “smokescreen” to obscure what it’s deemed a “massive, illegal” data collection scheme.
In particular, the European Consumer Organisation says Meta’s Nov. 2023 policy of charging European Union residents a monthly privacy fee if they don’t want to be tracked violates an EU privacy law known as the General Data Protection Regulation (GDPR).
According to Euronews.next, the program charges users €9.99 per month to access Meta platforms ad-free via a web browser, and €12.99 a month for app users on iOS or Android.
In a handout accompanying the report Thursday, BEUC described the program as a “consent masquerade that does not actually give consumers a free choice.”
“The GDPR requires consent to be ... freely given,” they write, “whereas Meta is trying, with its consent model, to coerce consumers into accepting its processing of their personal data.”
Consumer groups in the Czech Republic, Denmark, Greece, France, Norway, Slovakia, Slovenia and Spain have filed formal complaints with regulators in their countries protesting the policy.
A spokesperson for the Norwegian Data Protection Authority told CNN the agency is “gravely concerned” about Meta’s practices.
“Data protection is a human right for all, not a premium feature reserved for the wealthy,” they said. “Our hope is that the complaints can spark more regulatory scrutiny on the European level.”
Meta didn’t immediately respond to a request for comment from HuffPost. But in a 2023 blog post defending the program, the company said its “subscription for no ads” option was its best effort at satisfying a “unique combination of connected and sometimes overlapping EU regulatory obligations.”
“We are committed to an ads-supported digital business model, because it is the cornerstone of an inclusive internet where everyone can access online services and content for free,” Meta said.
European regulators last year hit Meta with a €1.2 billion fine ― its largest ever ― for failing to comply with GDPR rules and engaging in “systematic, repetitive and continuous” transfers of its users’ personal data to the U.S.