CA Regulators' Bite: Equal to Their Bark?
Hello all, and happy Thursday!Read Now
November 30, 2023
Hello all, and happy Thursday!
As anticipated, Meta’s latest effort to contend with EU data privacy regulation is being challenged.
In an effort to comply with EU regulations like the DMA and GDPR, Meta has begun offering a tiered subscription model to its various services, like Facebook and Instagram. EU users can either pay a monthly fee to access ad-free social media or continue to use Meta’s services for free and agree to share their personal data and receive targeted ads. It's important to note that selling ads makes up the vast majority of Meta’s revenue.
Max Schrems’ none of your business (stylized as “noyb”) has issued a complaint against Meta for this practice, dubbing it a “pay or okay” approach to personal data collection. Ultimately, they argue, it serves to coerce individuals into giving up their fundamental rights.
Furthermore, Meta is the first major tech company to attempt this approach in the EU—if they succeed, other tech companies may choose to offer a non-data tracking subscription tier, potentially piling on the costs for those individuals who wish to retain their data privacy rights under the GDPR.
This begs the question, however; how are businesses like Meta supposed to respect the GDPR and stay profitable if this new subscription model isn’t acceptable? Are they just supposed to provide their services for free? It’s a fair point. Conceivably, however, Meta could provide non-targeted advertisements without violating the EU’s data privacy regulations.
Regardless of which side of this issue you land on, it’s a good idea to watch Meta’s subscription model in the EU. It could become a standard that social media and tech companies adopt in the future.
Australian Information Commissioner Angelene Falk has appointed a new Privacy Commissioner and FOI Commissioner. This marks the first time since 2015 that the Office of the Australian Information Commissioner (OAIC) has a standalone FOI Commissioner, Privacy Commissioner, and Information Commissioner, as originally enacted by parliament.
Privacy rights group None of Your Business (“noyb”) has issued a legal challenge against Meta’s new EU subscription model, in which users may either forfeit their privacy and receive targeted ads on Meta’s platforms or pay a subscription fee. Dubbed “Pay or Okay,” noyb contends that this subscription model amounts to a “fundamental rights fee.”
On November 27th, the Council of the European Union formally adopted the Data Act. The act requires manufacturers and service providers to let their users access and reuse the data generated by the use of their products or services and allows users to share that data with third parties.
The California Privacy Protection Agency (CPPA) recently published its draft regulations on automated decision-making technology (ADMT), which it broadly defines to include AI technologies. The proposed regulations would require businesses to provide a notice informing individuals about the use of ADMT and the right to opt out of or access information about the ADMT in use.
Recently, the UK House of Lords introduced the Artificial Intelligence Bill. The bill incorporates concepts similar to other AI proposals and legislation around the world, though it still has a long way to go in the UK legislative process.
When solving for a data privacy challenge, businesses often have to decide: Is it better to purchase a targeted point solution even though you’ll likely face future privacy challenges, or pay more for a holistic privacy platform? In this blog, we provide guidance that may help you pinpoint where you fall on that spectrum.
If you’re interested in working at Osano, check out our Careers page!
Arlo Gilbert is the CEO & co-founder of Osano. An Austin, Texas native, he has been building software companies for more than 25 years in categories including telecom, payments, procurement, and compliance. In 2005 Arlo invented voice commerce, he has testified before congress on technology issues, and is a frequent speaker on data privacy rights.