The Price of Free
The last time you liked a friend’s post on Instagram or scrolled through videos on TikTok, did you pay for it? Of course not, but that doesn’t mean you didn’t pay anything at all.
There is a saying that has become something of a tech-world cliché:
“If you aren’t paying for a product, you are the product.”
But in the data age, you aren’t the product—it’s the private data secretly collected about you on these platforms that is the product. This data is ultimately packaged and sold to advertising companies, allowing the platform companies to profit from it.
For a long time, the commodification of privacy has been happening unnoticed behind users’ screens. But now, Meta — the company behind Facebook, Instagram, and WhatsApp — has made a bold move in the history of social media: they’ve put a price tag on privacy—160 euros ($260AUD) per year. In Europe, due to the strict European Union’s General Data Protection Regulation’s (GDPR) framework, Meta was forced to propose a new business model in 2023: you can choose not to be tracked or receive personalised ads, but you must pay €12.99 per month. If you do not pay, it means you consent to the platform collecting your privacy.
On the surface, Meta appears to offer everyone a choice to avoid infringement, but in reality, we can see the blatant commercial interests at play and the danger of human rights being commodified.
In this blog post, I will first discuss why Meta is willing to pay fines rather than abandon this business model; second, I will examine what privacy is and whether it is gradually evolving from a fundamental human right into a class privilege in the digital age; and finally, I will evaluate whether current regulatory mechanisms effectively protect users’ privacy.
A Timeline: How Regulators Gradually Forced Meta to Comply
In July 2023, the Court of Justice of the European Union (CJEU) ruled that Meta’s processing of user data was illegal.
In November 2023, in response to this ruling, Meta launched a “pay or accept” model across the EU, the European Economic Area, and Switzerland. The choice was clear: pay €9.99 per month on desktop (€12.99 on mobile) to use Facebook or Instagram without personalised ads, or continue using the platforms for free while consenting to the comprehensive collection and use of your personal data for targeted advertising. For users with multiple accounts, the costs could accumulate significantly over the course of a year.
Opposition arose immediately; the privacy advocacy group noyb described the model as requiring users to “pay for their fundamental rights.” Consumer groups across Europe filed complaints, arguing that this choice was effectively coercive: under the GDPR, consent must meet specific requirements to be legally binding—it must be freely given, specific, informed, and unambiguous. Furthermore, under Article 7 of the GDPR, consent must be requested in a transparent and fair manner and should be withdrawable at any time, whereas users are not free to choose under Meta’s model.
In November 2024, Meta reduced the price of its ad-free subscription by 40% and introduced a third, less personalized free option.
In April 2025, CJEU fined Meta €200 million for violating Article 5(2) of the DMA, ruling that the binary “pay or consent” model failed to provide users with a genuine equivalent alternative. However, this fine, imposed a year later, still appears insufficient.
“Pay or okay” is clearly not a choice for users; it is a pervasive problem: social media platforms are owned by large corporations, which wield near-total control over them. Decisions made by these platforms can have a decisive impact on users, yet democratic accountability is rare (Suzor, 2019).
Why Is Your Data Worth So Much to Meta?
“Pay or Okay” was first introduced by Austria’s *Der Standard*, offering users the choice between allowing their personal data to be used for advertising or paying a monthly fee of €8.90. Regulators viewed this as a model to protect the news industry, which had become nearly unsustainable as advertising revenue was siphoned off by large corporations like Google and Meta. Yet it is deeply ironic that this policy is now being implemented by those very same corporations.
To understand why Meta continues to insist on collecting user data—even despite facing massive fines—we must first analyze the economic logic behind the operation of its platforms.
As we become increasingly dependent on these digital platforms in the online environment, we have little choice but to agree to privacy policies in exchange for access. This “entry ticket” to modern society is, in reality, a trade-off for consent.
Harvard professor Shoshana Zuboff refers to this underlying logic as “Surveillance Capitalism.”
Unlike traditional companies that sell goods or services, ad-based companies collect “data exhaust”—every interaction you have with the platform, such as your location, the time you spend on the platform, and the people you message—and convert it into “prediction products”: predictions generated through the analysis of your behavior. These are then packaged and sold to “behavioral futures markets”—companies interested in your behavior, typically advertising firms. We can see this model being applied across many companies, including Google, Twitter, and TikTok… It is a well-established business model.
Meta relies heavily on this model; 97.5% of its global revenue comes from advertising. For Meta, stopping the collection of user data is not merely a matter of privacy protection, but a threat to its very survival—which is why it has been forced to adopt a “Pay or OK” model in Europe.
Privacy
Privacy as a Human Right
To protect privacy, we must first understand how privacy differs in the digital realm.
Article 12 of the Universal Declaration of Human Rights (1948) guarantees that no one shall be subjected to arbitrary interference with their privacy. Extending this right to the digital realm, digital rights should not be treated as optional add-ons but as an indispensable component of human rights in contemporary life. When platforms deprive users of substantive control over their data, they are already violating a fundamental human right (Karppinen 2017).
To determine whether an action infringes upon your privacy, one can refer to the concept of situational integrity (Nissenbaum 2018). For example, when you chat with a friend on WhatsApp, the context dictates that you expect the message to circulate only between you and your friend. If that message is sold to a third party, it violates the situational norms of user sharing.
Two Kinds of Inequality
Through this Meta incident, we have been startled to discover that privacy, as a fundamental human right, takes on different forms across social classes and nations.
The Class Divide
In fact, long before Meta introduced its “Pay or OK” subscription plan, the ability to protect one’s online privacy already varied across social classes. For groups marginalized by systems and structures—such as people of color, adolescents, the elderly, and low-income individuals—access to privacy is not as a given as it is for those who hold certain privileges in society (Marwick and Boyd, 2019).
Meta’s mechanism, however, has only deepened this class inequality. For low-income users and adolescents who cannot afford the fee, this is simply not a realistic option. To continue using these platforms—which have become essential to daily life—they are forced to surrender their data. Already in a vulnerable position in society, their circumstances will continue to deteriorate.
Even more concerning is that, although this model is currently implemented only in the EU, as countries tighten their digital privacy regulations, companies that rely heavily on advertising models are highly likely to expand this initiative globally. Cruelly, the right to opt out of data-driven systems is becoming increasingly difficult to exercise (Marwick and Boyd 2019).
The Geographic Divide
Privacy also varies geographically: Meta’s “Pay or OK” model has been introduced only in the EU—because only the EU possesses a sufficiently robust regulatory framework to constrain corporate behavior.
There are significant divergences in attitudes toward digital rights across different jurisdictions (Flew, 2021). Europe has taken a proactive stance, implementing a comprehensive, human rights-based approach to data protection through the GDPR. In contrast, the United States has long relied on a patchwork of state laws, leaving most digital data essentially unprotected. The situation in Australia is particularly thought-provoking: faced with large-scale data collection, Australian lawmakers have not only been “slow to respond,” but their legal framework also suffers from fundamental flaws. Australia lacks constitutional guarantees of privacy rights; the current Privacy Act 1988 fails to provide citizens with an “enforceable right to privacy,” and individuals have no direct right to sue for data breaches (Goggin et al., 2017). Outside the EU, Meta has never offered a privacy subscription. User data is collected by default.
At least low-income users in Berlin have the option—despite the financial burden—to purchase privacy protection. Low-income users in Sydney or Chicago, however, do not have this option—even though they face the same platforms, the same data collection, and the same surveillance capitalism.
Regulation is difficult—but is it enough?
There is no doubt that Europe’s GDPR and DMA regulations have yielded tangible results: a €200 million fine against Meta, and the platform’s subsequent launch of a less personalized free option in January 2026. The EU’s GDPR and DMA represent a serious and almost unprecedented attempt to impose democratic accountability on platform power. The €200 million fine against Meta clearly demonstrates that violations carry real consequences, and the steps taken—from lowering subscription prices in November 2024 to Meta’s further move toward a less personalized option in January 2026—show that sustained regulatory pressure can force platforms to change their behavior.
Yet regulation remains inadequate.
First, proportionally, the €200 million fine amounts to less than 0.2% of Meta’s annual advertising revenue; for Meta, this can be treated as an operating cost rather than a penalty. Meaningful accountability must be determined by real economic impact, not by imposing symbolic amounts. Second, structurally, the existing framework remains centered on informed consent. Consent buried within thousands of words of obscure legal jargon is not meaningful consent; this framework consistently favors platforms over users, especially those without the time or knowledge to navigate it.
To make matters worse, platforms also widely employ “dark patterns” to obtain this so-called consent. When users are confronted with “pay or consent” pop-ups, platforms exploit visual fatigue to “trick” them into clicking through manipulative interface designs—such as making the “Agree” button large and prominent while hiding privacy-protecting options in complex submenus.
So, where does the way forward lie?
We must achieve a fundamental shift in the regulatory perspective. Rather than placing the burden of privacy protection on individual consumers, who are outnumbered and outmatched, we should limit the power of platforms at the source. For example, Australia is currently reviewing its Privacy Act, which proposes a highly promising “Fair and Reasonable Test.” This means that the core issue in the future will no longer be “whether the user clicked ‘agree,’” but rather “whether the platform’s collection of this data is objectively fair and reasonable.” If the collection itself is predatory, then even if the user clicks the “agree” button, the act remains illegal.
To change the status quo, we need not only to reform the platforms but also new structures like this one—structures that can continuously monitor platform compliance and exert reasonable pressure.For our part, we must remain vigilant about our data privacy and voice our concerns about data security to governments and tech companies.
The next time you click “I Agree” without reading the terms
Ask yourself: Do you really have a choice?
References
Flew, T. (2021). Regulating platforms. Polity Press.
Goggin, G., Vromen, A., Weatherall, K., Martin, F., Webb, A., Sunman, L., & Bailo, F. (2017). Digital rights in Australia. University of Sydney. https://ses.library.usyd.edu.au/handle/2123/17587
Karppinen, K. (2017). Human rights and the digital. In H. Tumber & S. Waisbord (Eds.), Routledge companion to media and human rights (pp. 95–103). Routledge.
Marwick, A. E., & boyd, d. (2019). Understanding privacy at the margins: Introduction. International Journal of Communication, 13, 1157–1165.
Nissenbaum, H. (2018). Respecting context to protect privacy: Why meaning matters. Science and Engineering Ethics, 24(3), 831–852. https://doi.org/10.1007/s11948-018-0053-y
Suzor, N. P. (2019). Lawless: The Secret Rules That Govern our Digital Lives. Cambridge: Cambridge University Press.
Zuboff, S. (2015). Big other: Surveillance capitalism and the prospects of an information civilization. Journal of Information Technology, 30(1), 75–89. https://doi.org/10.1057/jit.2015.5
Image References
Rainmaker. (n.d.). Surveillance capitalism is destroying our freedom and our intimacy [Digital image]. Pinterest. https://au.pinterest.com/pin/33073378501073922/
Journey. (n.d.). Suburban barriers and social inequality [Digital image]. Pinterest. https://au.pinterest.com/pin/3377768458256513/
TechCrunch. (n.d.). The Web Foundation is working to counter deceptive design [Digital image]. Pinterest. https://au.pinterest.com/pin/247627679502246431/
Be the first to comment