The “consent or pay” model emerged in Europe as major digital platforms began offering users a choice between accepting personalised advertising or paying to use their services without targeted ads. The approach gained attention after Meta introduced it across the EU and EEA in response to regulatory pressure under the GDPR. It is now being examined by regulators, including the UK Information Commissioner’s Office (ICO), to determine whether such models meet data protection standards.
The “consent or pay” model allows users to choose between permitting the use of their personal data for personalised advertising, or paying to access a service without targeted ads, or discontinuing use altogether.
When implemented, users encounter a prompt similar to a cookie banner, offering a choice between consenting to personalised ads or paying to avoid tracking. Some services also provide a free, non-personalised ad option or a fully ad-free paid alternative.
If users consent, organisations collect and analyse three categories of data:
Provided data: Information submitted directly, such as age or gender.
Observed data: Data gathered from users’ online behaviour and interactions.
Inferred data: Conclusions drawn from both provided and observed data to predict interests or preferences.
The ICO expects transparency about the categories of data used for profiling and how inferences are generated and applied to advertising decisions.
If a user pays, their data must not be used for personalised advertising, though contextual ads tied to page content may still appear; organisations should make those boundaries explicit.
The ICO states that consent may not be considered “freely given” where users face a genuine trade-off between privacy and access. Organisations must assess and mitigate power imbalances when offering consent-or-pay choices, ensuring the decision is voluntary, equitable, and clearly explained.
Regulators expect equivalence between options: the free and paid routes should offer comparable core functionality and value, and fees should not be exploitative.
This guidance is currently under review following the Data (Use and Access) Act, which came into force on 19 June 2025. Legal requirements may evolve, and publishers are advised to monitor the ICO’s updates before drawing or publishing regulatory conclusions.
Reference
