Blog
DPAs seek EDPB position on ‘Consent or Pay’ model
January 29, 2024

Want to receive these weekly privacy recaps in your inbox? Sign up for our privacy newsletter, A Little Privacy, Please.
USA
New York Senate Passes Broad Health Data Consent Bill
New York Senate Bill S158D, which would require “valid authorization” for the sale or processing of “regulated health information”, passed through the New York State Senate and has been assigned to the Assembly Science and Technology Committee.
TAKEAWAY
“Regulated Health Information” is defined broadly as “any information that is reasonably linkable to an individual, or a device, and is collected or processed in connection with the physical or mental health of an individual.”
It also expressly includes location or payment information related to an individual’s physical or mental health or any inference drawn or derived about an individual’s physical or mental health, resembling similar concepts in Washington and Nevada laws that will go into effect this year.
Read more:
Guide to US State Privacy Laws
Comparing U.S. state privacy laws: Sensitive Data
EUROPE
DPAs seek EDPB position on ‘consent or pay’ Model
The Norway, Netherlands and Hamburg data protection authorities have requested that the European Data Protection Board (EDPB) issue a formal statement clarifying under which circumstances a service may legally offer a subscription model that allows users to consent to certain uses of their personal data, such as targeted advertising, as an alternative to paying for a subscription with money.
The EDPB should issue an opinion on the matter within the next 14 weeks.
TAKEAWAY
A Consent or Pay model (also known as Pay or OK, or simply PUR in Germany) has been utilized by several online publications and services for years as a way to offer users a choice to pay for content subscriptions with data or money.
This practice has been previously addressed in guidance from Germany’s association of DPAs, as well as the French and Danish DPAs, both of which permit the practice as long as certain parameters are met, such as that the monetary subscription is a fair alternative at a reasonable price.
More recently, Meta adopted a “pay or ok” subscription model on Facebook and Instagram, leading to multiple complaints from privacy advocacy group noyb, which claims that the model violates GDPR by not obtaining consent that is “freely given.” It also claims that because withdrawing consent requires signing up for a monetary subscription, it is not as easy to withdraw consent as it is to give it.
It is not clear whether the recent request of the EDPB is rooted in the noyb complaints, but they are now seeking a harmonized approach to GDPR enforcement of this type of model.
Read more:
How heise medien Delivered Flexible ‘Consent or Pay’
Meta to offer ad-free subscription plans in Europe
Want more of the privacy highlights that matter to adtech and martech? Sign up for our privacy newsletter, A Little Privacy, Please.
A Little Privacy, Please weekly recaps are provided for general, informational purposes only, do not constitute legal advice, and should not be relied upon for legal decision-making. Please consult an attorney to determine how legal updates may impact you or your business.
Latest Blog Posts
New York Passes Health Information Privacy Act; ICO To Review UK’s Top Websites for Cookie Compliance
January 27, 2025The New York legislature passed new health privacy legislation...
Unauthorized Sharing of Location and Driving Data Draws Scrutiny from Texas AG, Illinois Class, and FTC
January 22, 2025Allstate is facing lawsuits from the Texas Attorney General...
New Jersey AG’s Office Provides FAQs Ahead of New Privacy Law; Danish DPA Focus on Shopping Apps
January 13, 2025New Jersey AG's office issued a set of 24...
Latest White Papers
Connecting Legal & Marketing Teams on Consent and Preferences
February 4, 2025Break down data silos and unlock better collaboration. Marketing...
Navigating Sensitive Data in the U.S.
February 4, 2025Download our comprehensive guide to learn how different states...
Enterprise Guide To Cookie management & Tracker List Curation
July 1, 2024How to review the tracking tech on your websites...
Keep in touch
Sign up for our newsletter to keep up with privacy news for adtech and martech,
plus occasional company news.