Blog Case Studies

How heise medien Delivered Flexible ‘Consent or Pay’

Sourcepoint
January 23, 2024

heise medien owns a portfolio of well-known tech publishing brands, including Technology Review, Telepolis, and computer titles c’t and iX. Its flagship brand, heise online, is the leading IT news site in German-speaking countries and sees upwards of 30 million visits a month.

Click here to read the case study

With tightening regulations and stricter requirements from local DPAs, publishers across Europe have been pushed to consider innovative ways to maintain revenue streams while still respecting user privacy rights. One of these innovations has been the Consent or Pay model.

When heise medien received directives from their local data protection authority to make specific changes to their implementation of Consent or Pay, they partnered with Sourcepoint to develop a bespoke solution that gave users granular choice.

Based on requirements outlined by heise, Sourcepoint developed and iterated on a more flexible version of Consent or Pay that asks users to make choices on each specific data processing purpose in order to consent rather than subscribe. Select purposes, especially those crucial for monetization, can also be demarcated as required for consent.

heise’s updated Consent or Pay model was approved by the Lower Saxony DPA and subsequently served to inform guidance on the admissibility of the Consent or Pay model in Germany as a whole.

In March 2023, Germany’s Datenschutzkonferenz (DSK), an association of all of the country’s data protection authorities, published guidance on the admissibility of the Consent or Pay model emphasizing the following criteria:

  1. Equivalent alternative: The subscription must represent an equivalent alternative to the service that users obtain by giving consent to tracking and advertising.
  2. Valid consent: Consent must be freely given, specific, informed and unambiguous, and as defined in the GDPR.
  3. Granular consent: Users must be able to select and deselect different purposes of data processing on a granular basis. This guidance made clear that for German DPAs, “granular opt-in of purposes is required for consent to be considered effective.” The new model that heise developed with Sourcepoint, which requires granular user choice, thus became the definitive model for compliant use of Consent or Pay in Germany.

This guidance made clear that for German DPAs, “granular opt-in of purposes is required for consent to be considered effective.”

The new model that heise developed with Sourcepoint, which requires granular user choice, thus became the definitive model for compliant use of Consent or Pay in Germany.

Growing adoption after ‘Reject All’

Germany is not the only country that has legitimized the Consent or Pay model. The Danish DPA issued guidance in 2023 that allowed the model under certain conditions. And in 2022, the French DPA advised that Consent or Pay offerings would be evaluated on a case-by-case basis, and emphasized that the paid options should be fairly priced.

Adoption of Consent or Pay is also growing in other parts of Europe, with cookie guidelines in UK, Spain, and Belgium now requiring the option to Reject All data processing to be as prominent as Accept All.

Though these DPAs have yet to comment on the validity of the model, publishers are already looking to get ahead of the curve, following the examples of their peers.

Latest Blog Posts

Bicameral, bipartisan discussion draft of federal privacy bill announced

April 15, 2024

If passed, the American Privacy Rights Act, a comprehensive...

CPPA issues an enforcement advisory on data minimization

April 9, 2024

Their first "enforcement advisory", reminds companies of their data...

Kentucky sends comprehensive privacy bill to governor

April 1, 2024

Kentucky's privacy bill mirrors Virginia's, is set for 2026....

Latest White Papers

Benchmark Report: US Privacy Compliance

August 19, 2022

The current state of publisher compliance with CCPA, and...

Ebook: A Publisher’s Guide to Vendor List Curation

December 16, 2021

How to review your vendor list to mitigate compliance...

Keep in touch

Sign up for our newsletter to keep up with privacy news for adtech and martech,
plus occasional company news.

Let's explore what we can do together.

We'll be in touch within 48 hours

[contact-form-7 id="593" title="Schedule a Demo"]