• vintageballs@feddit.org
    5 months ago

    There seem to be conflicting opinions on the matter:

    https://netzpolitik.org/2024/pay-or-okay-privatsphaere-nur-gegen-gebuehr/

    https://www.etes.de/blog/pay-or-okay-pur-abo-modell-zulaessig/

    In any case, the requirements for “pay or okay” being legal are: (translated with DeepL)

    Equivalent alternative

    “In principle, the tracking of user behavior can be based on consent if a tracking-free model is offered as an alternative, even if this is subject to payment. However, the service that users receive in a paid model must firstly represent an equivalent alternative to the service that they obtain through consent. Secondly, the consent must meet all the conditions for effectiveness set out in the General Data Protection Regulation (GDPR), i.e. in particular the requirements listed in Art. 4 No. 11 and Art. 7 GDPR. Whether the payment option - e.g. a monthly subscription - is to be regarded as an equivalent alternative to consent to tracking depends in particular on whether users are given equivalent access to the same service in return for a standard market fee. Equivalent access generally exists if the offers include the same service, at least in principle.”

    Data processing for ad-free use

    If a user opts for the subscription option, only storage and readout processes that are technically absolutely necessary may take place (Section 25 (1) TTDSG). Furthermore, the permissions under Art. 6 para. 1 GDPR must be complied with.

    Granularity/prohibition of general consent for non-subscribers

    “If there are several processing purposes that differ significantly from one another, the requirements for voluntariness must be met to the effect that consent can be granted on a granular basis. This means, among other things, that users must be able to actively select the individual purposes for which consent is to be obtained (opt-in). Only if purposes are very closely related can a bundling of purposes be considered. A blanket overall consent for different purposes in this respect cannot be effectively granted.”

    Transparency, comprehensibility and information

    In addition, the consents must meet the other requirements of the GDPR. This applies in particular to the principle of transparency, comprehensibility and compliance with information obligations.

    As I see it, at the very least the granularity requirement is not fulfilled in these cases.