Putting a Price Tag on Consumer Data: Commercial Practices at the Intersection of Data and Consumer Protection Law

Consumers who logged into their Facebook account over the past weeks were surprised by a notice informing them that: “You need to make a choice to continue using Facebook. Laws are changing in your region, so we’re introducing a new choice about how we use your info for ads (…)”. Consumers subsequently had to choose between either using Facebook ‘for free’ but with personalised advertising. Or, paying for a monthly subscription without seeing ads when using Meta’s services. What had happened? In short: the European Court of Justice had decided (Case C-252/21, see in particular para 150) that Facebook needed consumers’ consent if it wanted to use their data for its advertising model. If consumers refuse to grant consent, Meta cannot use their data for advertising purposes.

The notice by Facebook, however, immediately caught the attention of data and consumer protection associations and reflected tendencies and tensions in the regulation of the data economy that have been emerging over the past years. First, the tendency of data and consumer protection law to potentially complement each other in protecting consumer data. For example: does the notice by Facebook constitute an aggressive and misleading practice under the Unfair Commercial Practice Directive as it continues to advertise its services as ‘free’ – even though consumers grant access to their data in exchange? Second, is the ‘pay or consent’ model introduced by Facebook putting a price on consumer privacy which is ultimately enabled by consumer law which perceives data as ‘counter-performance’ (i.e. payment) in a contract?

Facebook’s notice thus reflected again why the interaction of consumer and data protection in their approach to the regulation of the data economy is a particularly interesting field of research. Whereas both have the potential of complementing each other in their objective of protecting consumer data, both might potentially contradict each other, in particular, when consumer law facilitates the commodification of personal data which stands in stark contradiction to the fundamental rights rational of European Data Protection Law.

This tension constitutes a main research focus of ESR Onntje Hinrichs. In his recent paper on “Consumer Law as Second Vantage Point for the Protection of Consumer Data – Protecting or Polluting the Privacy Ecosystem?” he precisely analyses how both fields of law might complement as well as contradict each other in the regulation of the data economy. His paper has been published in the and is available on the Journals Website. An abstract of his article is published below:

Creating a coherent regulatory framework for the European data economy constitutes a daunting task when data regulation increasingly touches on different fields of law. Whilst the regulation of data is anchored in European data protection law, it is turning into a key concern for European consumer law. Since individuals who consume goods and services in the digital economy are typically “consumers” and “data subjects” at the same time, authors and policy-makers have identified complementarities between both policy areas over the past decade. Building on these discussions, this article offers a new perspective on how both fields of law interact in their approach to the regulation of consumer data. By drawing parallels with debates that surrounded the uneasy relationship between consumer and environmental policy, it shows how the regulation of consumer data under consumer law not only contributes to the protection but also the pollution of the privacy ecosystem. At the same time, this analogy is used to showcase how existing tensions between both policy areas can be overcome.