In this month’s Spotlight, we feature two legal milestones involving consent and social media platforms. One involves the European Commission, its Digital Markets Act, and Meta’s “pay or consent” model. The other involves the U.S. state of Texas and a record legal settlement of US$1.4 billion over Meta’s deployment of facial recognition software over a decade without consent. We assess that the intersection of consent and advanced data collection technologies implemented on global social media platforms deserves a continuing close examination.
Commission sends preliminary findings to Meta over its “Pay or Consent” model for breach of the Digital Markets Act
Press Release
European Commission, 1 July 2024
Excerpt
Today, the Commission has informed Meta of its preliminary findings that its “pay or consent” advertising model fails to comply with the Digital Markets Act (DMA). In the Commission’s preliminary view, this binary choice forces users to consent to the combination of their personal data and fails to provide them a less personalised but equivalent version of Meta’s social networks…
Due to their significant position in digital markets, gatekeepers have been able to impose terms of services on their large user base allowing them to collect vast amounts of personal data. This has given them potential advantages compared to competitors who do not have access to such a vast amount of data, thereby raising high barriers to providing online advertising services and social network services.
Under Article 5(2) of the DMA, gatekeepers must seek users’ consent for combining their personal data between designated core platform services and other services, and if a user refuses such consent, they should have access to a less personalised but equivalent alternative. Gatekeepers cannot make use of the service or certain functionalities conditional on users’ consent…
The Commission takes the preliminary view that Meta’s “pay or consent” advertising model is not compliant with the DMA as it does not meet the necessary requirements set out under Article 5(2). In particular, Meta’s model
:: Does not allow users to opt for a service that uses less of their personal data but is otherwise equivalent to the “personalised ads” based service.
:: Does not allow users to exercise their right to freely consent to the combination of their personal data.
To ensure compliance with the DMA, users who do not consent should still get access to an equivalent service which uses less of their personal data, in this case for the personalisation of advertising…
In case of non-compliance, the Commission can impose fines up to 10% of the gatekeeper’s total worldwide turnover. Such fines can go up to 20% in case of repeated infringement. Moreover, in case of systematic non-compliance, the Commission is also empowered to adopt additional remedies such as obliging a gatekeeper to sell a business or parts of it or banning the gatekeeper from acquisitions of additional services related to the systemic non-compliance.
The Commission continues its constructive engagement with Meta to identify a satisfactory path towards effective compliance.
”… $1.4 Billion Settlement with Meta Over Its Unauthorized Capture of Personal Biometric Data In Largest Settlement Ever Obtained From An Action Brought By A Single State
Press Release
Attorney General of Texas, 30 July 2024
[Excerpt]
…This settlement is the largest ever obtained from an action brought by a single State…This is the first lawsuit brought and first settlement obtained under Texas’s “Capture or Use of Biometric Identifier” Act and serves as a warning to any companies engaged in practices that violate Texans’ privacy rights…
In February 2022, Attorney General Paxton sued Meta for unlawfully capturing the biometric data of millions of Texans without obtaining their informed consent as required by Texas law…
In 2011, Meta rolled out a new feature, initially called Tag Suggestions, that it claimed would improve the user experience by making it easier for users to “tag” photographs with the names of people in the photo.
Meta automatically turned this feature on for all Texans without explaining how the feature worked. Unbeknownst to most Texans, for more than a decade Meta ran facial recognition software on virtually every face contained in the photographs uploaded to Facebook, capturing records of the facial geometry of the people depicted. Meta did this despite knowing that CUBI forbids companies from capturing biometric identifiers of Texans, including records of face geometry, unless the business first informs the person and receives their consent to capture the biometric identifier…
Center for Informed Consent Integrity 