this post was submitted on 01 Jul 2024
456 points (99.6% liked)

Technology

60082 readers
4271 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] randomaccount43543 80 points 5 months ago (3 children)

Lots of other websites have already copied the "pay or consent" ad model

[–] Zak 57 points 5 months ago (1 children)

The relevant section of the DMA imposes restrictions on designated gatekeepers. It does not apply to websites that are not designated as gatekeepers.

That behavior might be questionable under the GDPR though.

[–] [email protected] 35 points 5 months ago* (last edited 5 months ago)

Main issue comes from GDPR. When one uses the consent basis for collecting and using information it has to be a free choice. Thus one can't offer "Pay us and we collect less information about you". Hence "pay or consent" is blatantly illegal. Showing ads in generic? You don't need consent. That consent is "I vote with my browser address bar". Thing just is nobody anymore wants to use non tracked ads.....

So in this case DMA 5(2) is just basically re-enforcement and emphasis of previous GDPR principle. from verge

“exercise their right to freely consent to the combination of their personal data.”

from the regulation

  1. The gatekeeper shall not do any of the following:
    (a) process, for the purpose of providing online advertising services, personal data of end users using services of third parties that make use of core platform services of the gatekeeper;
    (b) combine personal data from the relevant core platform service with personal data from any further core platform services or from any other services provided by the gatekeeper or with personal data from third-party services;
    (c) cross-use personal data from the relevant core platform service in other services provided separately by the gatekeeper, including other core platform services, and vice versa; and
    (d) sign in end users to other services of the gatekeeper in order to combine personal data,

unless the end user has been presented with the specific choice and has given consent within the meaning of Article 4, point (11), and Article 7 of Regulation (EU) 2016/679.

surprise 2016/679 is..... GDPR. So yeah it's new violation, but pretty much it is "Gatekeepers are under extra additional scrutiny for GDPR stuff. You violate, we can charge you for both GDPR and DMA violation, plus with some extra rules and explicity for DMA".

I think technically already GDPR bans combining without permission, since GDPR demands permission for every use case for consent based processing. There must be consent for processing.... combining is processing, needs consent. However this is interpretation of the general principle of GDPR. It's just that DMA makes it explicit "oh these specific processing, yeah these are processing that need consent per GDPR". Plus it also rules them out of trying to argue "justified interest" legal basis of processing case of the business. Explicitly ruling "these type of processing don't fall under justified interest for these companies, these are only and explicitly per consent type actions".

[–] dojan 27 points 5 months ago (1 children)

I believe you’re allowed to run ads on free tiers and offer to remove them by paying. You’re not however allowed to track people without their consent, thus you can’t force personalised ads on users, and say that the only way to get rid of the privacy invasion is to pony up.

[–] NoRodent 13 points 5 months ago* (last edited 5 months ago) (2 children)

The biggest Czech website (Seznam.cz) recently changed their policy and now force you to choose between: free tier with personalised ads or paid tier with anonymous ads. Yes, you're reading it right, even if you pay, it doesn't get rid of ads, they just stop tracking you. I have no idea whether it's legal but the EU should definitely take a look.

Edit: Ok, I think they only offer you this choice when you're using an account. I tried it in a private tab and it seems I can decline personalized ads there. Does that make it legal? If yes, then they're some sneaky bastards.

[–] dojan 15 points 5 months ago (1 children)

Yes, you’re reading it right, even if you pay, it doesn’t get rid of ads, they just stop tracking you.

🤢🤮

I hate what the internet has become.

[–] [email protected] 5 points 5 months ago (1 children)

I've been using an ad blocker for at least 15 years. I'm not about to stop now. I can't imagine paying only to see less relevant ads...

[–] dojan 2 points 5 months ago

Which will work great until corporations implement systems that force it onto us. Microsoft building it into the operating system. Mozilla acquiring advertising companies and implementing AI bullshit. Google edging closer to having a monopoly on browsers.

[–] [email protected] 3 points 5 months ago (3 children)

IANAL, but: Gdpr only says that they cannot require you to sell your data to use a service. It does not say anything about paying with money. So this seems legal to me

[–] [email protected] 4 points 5 months ago

The GDPR says that if you use consent as the legal basis for processing data, such consent must be free. This means that there cannot be consequences if you give or not give the consent. If there are, then the consent is not free anymore. Paying money for a service is absolutely legal, obviously, what probably is not legal is extracting your consent by offering you a discount (which is the flipside of "pay to avoid tracking").

I just wanted to specify a bit, not that you said anything incorrect.

[–] [email protected] 3 points 5 months ago (1 children)

The case is basically that having a non-tracking paid tier makes no difference, the free tier if it exists can't include mandatory tracking.

So they can offer a paid tier with no tracking, but they must also offer no tracking on the free tier.

[–] [email protected] 1 points 5 months ago

That's correct. But this is only the case because of the DMA, mit the Gdpr

[–] NoRodent 1 points 5 months ago (1 children)

But I mean, it's the same thing as this FB/IG case, no? Only worse because even if you pay, you still have ads.

[–] [email protected] 4 points 5 months ago

No.

  • the Facebook case: DMA/ digital markets act. This case is only regarding the choice between personalisation or paying to access the service. Only for really big patients deemed to be gatekeepers. There are only five at the moment: https://digital-markets-act.ec.europa.eu/gatekeepers_en
  • showing ads that are personalized, or any other things where they use information about you: Gdpr. You have to allow it.
  • showing you ads that are not personalized: completely legal. Netflix does the same I think. Also Amazon prime.
[–] grue 19 points 5 months ago (1 children)
[–] bizzle 6 points 5 months ago

Won't someone please think of the shareholders 😭