• Zak@lemmy.world
      link
      fedilink
      English
      arrow-up
      57
      ·
      5 months ago

      The relevant section of the DMA imposes restrictions on designated gatekeepers. It does not apply to websites that are not designated as gatekeepers.

      That behavior might be questionable under the GDPR though.

      • variaatio@sopuli.xyz
        link
        fedilink
        English
        arrow-up
        36
        arrow-down
        1
        ·
        edit-2
        5 months ago

        Main issue comes from GDPR. When one uses the consent basis for collecting and using information it has to be a free choice. Thus one can’t offer “Pay us and we collect less information about you”. Hence “pay or consent” is blatantly illegal. Showing ads in generic? You don’t need consent. That consent is “I vote with my browser address bar”. Thing just is nobody anymore wants to use non tracked ads…

        So in this case DMA 5(2) is just basically re-enforcement and emphasis of previous GDPR principle. from verge

        “exercise their right to freely consent to the combination of their personal data.”

        from the regulation

        1. The gatekeeper shall not do any of the following:
          (a) process, for the purpose of providing online advertising services, personal data of end users using services of third parties that make use of core platform services of the gatekeeper;
          (b) combine personal data from the relevant core platform service with personal data from any further core platform services or from any other services provided by the gatekeeper or with personal data from third-party services;
          © cross-use personal data from the relevant core platform service in other services provided separately by the gatekeeper, including other core platform services, and vice versa; and
          (d) sign in end users to other services of the gatekeeper in order to combine personal data,

        unless the end user has been presented with the specific choice and has given consent within the meaning of Article 4, point (11), and Article 7 of Regulation (EU) 2016/679.

        surprise 2016/679 is… GDPR. So yeah it’s new violation, but pretty much it is “Gatekeepers are under extra additional scrutiny for GDPR stuff. You violate, we can charge you for both GDPR and DMA violation, plus with some extra rules and explicity for DMA”.

        I think technically already GDPR bans combining without permission, since GDPR demands permission for every use case for consent based processing. There must be consent for processing… combining is processing, needs consent. However this is interpretation of the general principle of GDPR. It’s just that DMA makes it explicit “oh these specific processing, yeah these are processing that need consent per GDPR”. Plus it also rules them out of trying to argue “justified interest” legal basis of processing case of the business. Explicitly ruling “these type of processing don’t fall under justified interest for these companies, these are only and explicitly per consent type actions”.

    • Dojan@lemmy.world
      link
      fedilink
      English
      arrow-up
      27
      ·
      5 months ago

      I believe you’re allowed to run ads on free tiers and offer to remove them by paying. You’re not however allowed to track people without their consent, thus you can’t force personalised ads on users, and say that the only way to get rid of the privacy invasion is to pony up.

      • NoRodent@lemmy.world
        link
        fedilink
        English
        arrow-up
        13
        ·
        edit-2
        5 months ago

        The biggest Czech website (Seznam.cz) recently changed their policy and now force you to choose between: free tier with personalised ads or paid tier with anonymous ads. Yes, you’re reading it right, even if you pay, it doesn’t get rid of ads, they just stop tracking you. I have no idea whether it’s legal but the EU should definitely take a look.

        Edit: Ok, I think they only offer you this choice when you’re using an account. I tried it in a private tab and it seems I can decline personalized ads there. Does that make it legal? If yes, then they’re some sneaky bastards.

        • Dojan@lemmy.world
          link
          fedilink
          English
          arrow-up
          15
          ·
          5 months ago

          Yes, you’re reading it right, even if you pay, it doesn’t get rid of ads, they just stop tracking you.

          🤢🤮

          I hate what the internet has become.

          • xthexder
            link
            fedilink
            English
            arrow-up
            5
            ·
            5 months ago

            I’ve been using an ad blocker for at least 15 years. I’m not about to stop now. I can’t imagine paying only to see less relevant ads…

            • Dojan@lemmy.world
              link
              fedilink
              English
              arrow-up
              2
              ·
              5 months ago

              Which will work great until corporations implement systems that force it onto us. Microsoft building it into the operating system. Mozilla acquiring advertising companies and implementing AI bullshit. Google edging closer to having a monopoly on browsers.

        • TJA!@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          3
          ·
          5 months ago

          IANAL, but: Gdpr only says that they cannot require you to sell your data to use a service. It does not say anything about paying with money. So this seems legal to me

          • sudneo@lemm.ee
            link
            fedilink
            English
            arrow-up
            4
            ·
            5 months ago

            The GDPR says that if you use consent as the legal basis for processing data, such consent must be free. This means that there cannot be consequences if you give or not give the consent. If there are, then the consent is not free anymore. Paying money for a service is absolutely legal, obviously, what probably is not legal is extracting your consent by offering you a discount (which is the flipside of “pay to avoid tracking”).

            I just wanted to specify a bit, not that you said anything incorrect.

          • maynarkh@feddit.nl
            link
            fedilink
            English
            arrow-up
            3
            ·
            5 months ago

            The case is basically that having a non-tracking paid tier makes no difference, the free tier if it exists can’t include mandatory tracking.

            So they can offer a paid tier with no tracking, but they must also offer no tracking on the free tier.

          • NoRodent@lemmy.world
            link
            fedilink
            English
            arrow-up
            1
            ·
            5 months ago

            But I mean, it’s the same thing as this FB/IG case, no? Only worse because even if you pay, you still have ads.

            • TJA!@sh.itjust.works
              link
              fedilink
              English
              arrow-up
              4
              ·
              5 months ago

              No.

              • the Facebook case: DMA/ digital markets act. This case is only regarding the choice between personalisation or paying to access the service. Only for really big patients deemed to be gatekeepers. There are only five at the moment: https://digital-markets-act.ec.europa.eu/gatekeepers_en
              • showing ads that are personalized, or any other things where they use information about you: Gdpr. You have to allow it.
              • showing you ads that are not personalized: completely legal. Netflix does the same I think. Also Amazon prime.