heise medien owns a portfolio of well-known tech publishing brands, including Technology Review, Telepolis, and computer titles c’t and iX. Its flagship brand, heise online, is the leading IT news site in German-speaking countries and sees upwards of 30 million visits a month.
Click here to read the case study
The evolution of Consent or Pay
With tightening regulations and stricter requirements from local DPAs, publishers across Europe have been pushed to consider innovative ways to maintain revenue streams while still respecting user privacy rights. One of these innovations has been the Consent or Pay model.
When heise medien received directives from their local data protection authority to make specific changes to their implementation of Consent or Pay, they partnered with Sourcepoint to develop a bespoke solution that gave users granular choice.
Based on requirements outlined by heise, Sourcepoint developed and iterated on a more flexible version of Consent or Pay that asks users to make choices on each specific data processing purpose in order to consent rather than subscribe. Select purposes, especially those crucial for monetization, can also be demarcated as required for consent.
heise’s updated Consent or Pay model was approved by the Lower Saxony DPA and subsequently served to inform guidance on the admissibility of the Consent or Pay model in Germany as a whole.
Admissibility of the Consent or Pay model
In March 2023, Germany’s Datenschutzkonferenz (DSK), an association of all of the country’s data protection authorities, published guidance on the admissibility of the Consent or Pay model emphasizing the following criteria:
- Equivalent alternative: The subscription must represent an equivalent alternative to the service that users obtain by giving consent to tracking and advertising.
- Valid consent: Consent must be freely given, specific, informed and unambiguous, and as defined in the GDPR.
- Granular consent: Users must be able to select and deselect different purposes of data processing on a granular basis. This guidance made clear that for German DPAs, “granular opt-in of purposes is required for consent to be considered effective.” The new model that heise developed with Sourcepoint, which requires granular user choice, thus became the definitive model for compliant use of Consent or Pay in Germany.
This guidance made clear that for German DPAs, “granular opt-in of purposes is required for consent to be considered effective.”
The new model that heise developed with Sourcepoint, which requires granular user choice, thus became the definitive model for compliant use of Consent or Pay in Germany.
Growing adoption after ‘Reject All’
Germany is not the only country that has legitimized the Consent or Pay model. The Danish DPA issued guidance in 2023 that allowed the model under certain conditions. And in 2022, the French DPA advised that Consent or Pay offerings would be evaluated on a case-by-case basis, and emphasized that the paid options should be fairly priced.
Adoption of Consent or Pay is also growing in other parts of Europe, with cookie guidelines in UK, Spain, and Belgium now requiring the option to Reject All data processing to be as prominent as Accept All.
Though these DPAs have yet to comment on the validity of the model, publishers are already looking to get ahead of the curve, following the examples of their peers.
Keep in touch
Sign up for our newsletter to keep up with privacy news for adtech and martech,
plus occasional company news.