Data Portability Can Restore Real Consumer Choice Between ‘Consent or Pay’ Offerings Online

The sign-up options for online services in Europe are evolving in response to a series of regulatory interventions. The most high-profile example of this is Meta’s introduction of an ad-free subscription option for accessing Facebook and Instagram in 2023, followed by an additional “less personalized ads” option a year later.

With consumers now frequently being asked to decide between ad-funded and subscription-based access to digital content, it’s worth considering the role of data portability in preserving truly meaningful choice.

“Take it or leave it” under scrutiny

For around a quarter of a century, people have had convenient and ‘free’ access to online content and services in exchange for their data and attention, packaged with a simple binary choice: ‘take it or leave it.’

To paraphrase just a little, ad-funded online service providers have told their users:

You can use our online service for free, and in return we will collect some data about you and your online behavior, which we and our partners will use to show you relevant personalized adverts. If you don’t like it, you’ll find the door in the settings page after 27 clicks.

‘Take it or leave it’ is a familiar proposition for consumers in physical stores. If you don’t like the price of a pair of shoes, you can choose not to buy them, or to look elsewhere if you really need a new pair. If you don’t like the options on a menu in a restaurant, you can walk out or choose to eat somewhere else next time. The key here is freedom of choice.

Where this freedom of choice is more limited, such as for utilities such as water or electricity, we have become used to the protections offered by regulators. Where a service is essential, and/or where the supplier is the only show in town, authorities often place requirements or restrictions on the supplier regarding the price it can charge or the way it must interact with its customers.

There is nothing inherently unique about online services that suggest these same market dynamics shouldn’t hold in the digital world. But data protection law has muddied the waters a little, drawing scrutiny from regulatory authorities as to whether the ‘take it or leave it’ approach is legitimate when the currency is personal data.

In response to a range of regulatory developments in the EU and UK, including an opinion from the European Data Protection Board (EDPB) on pay or consent models and letters from the UK Information Commissioner’s Office (ICO) to website operators demanding cookie changes, an increasing body of online services – including news publishers – are presenting their users with another choice: pay for it. Where this is an option, users can choose to access the service by paying a fee, or alternatively by giving up some data and seeing ads; or of course, they always have the option not to use it, at least in theory.

The reaction to this trend has been polarized. While some celebrate more choice, others call it illusory.

I say either can be right, depending on the context of the offerings, and we should look to data portability as a deciding factor. This is because, regardless of the sign-up options available, it matters whether ‘leave it’ is truly on offer – if so, we can rely on market forces to do their thing.

More choice, or Hobson’s choice?

‘Pay or OK’ is the informal term that is often used for the business model where an online service offers its users two distinct choices:

1. Consent to personalized ads to gain access to the platform at no monetary cost, while agreeing to the use of personal data for ad targeting.
2. Pay a fee or subscription and gain access to the platform without ads (and without the associated processing of personal data).

There is of course, at least in theory, a third option that should be ever-present: not to use the service at all. But is the option to decline a service online always meaningful? Or are users sometimes left, in practice, stuck between a personalized rock and a financial hardplace?

If a user has genuine freedom to decline or leave a service, then we can expect market forces to drive down prices to reasonable levels as platforms compete to win new customers and maximize retention. If, on the other hand, a user does not have a meaningful exit path, then not only do we lose market influence over service pricing in monetary terms, but we also start to question whether consent is in fact, “freely given” according to the GDPR’s definition of valid consent. In this context, “freely” means the individual isn’t trapped or pressured, nor has a gun held to their head. They must be able to decline or leave the service without facing barriers or penalties for doing so.

We can infer that for consent to be valid, it must be possible for users to move to an alternative provider, or to leave the service entirely, without undue friction, hassle, or cost. This means switching shouldn’t be hard work, stressful, or take lots of time. And if a customer wants to quit a service, they should ideally not need to leave anything behind that has value to them, such as treasured photos, emails, or contacts. I say ideally, because there are likely to be some limited exceptions to this rule where the technical challenge is just too big a lift.

If these conditions are met to all reasonable expectations – and assuming there are other providers in the market – then there should be nothing stopping an individual from leaving if the price being demanded (whether set in terms of data or money) is too high.

But if the conditions aren’t met – because ‘leave it’ is perceived to be too hard or because there is nowhere else to go – then regulators might ask whether users are consenting under duress.

Portability provides the key

In many consumer-facing technology markets, and in particular those that involve personalization, the ability to leave a service or move to an alternative will often involve data transfers.

Consider the following illustrative scenarios:

• A music lover looking to switch streaming services without losing all of their carefully curated playlists.
• A user of an AI assistant that wishes to take their AI “memory” with them to another platform so they can skip the small talk.
• A social media user that wants to back up their photos, because they want to quit a service (or perhaps to avoid new storage fees).

Aside from being shameless plugs of DTI initiatives, these examples hold one thing in common – they are solved through data portability.

Where businesses are implementing a “pay or ok” model, we should expect them to set a high bar for themselves to support user-led data transfers from the outset. This means enabling people to download or back up their data to their device, of course, but also to transfer it directly to another service of their choosing without any fuss.

This is not to say that data portability will always be a sufficient condition to satisfy all regulatory regimes when it comes to the ‘consent or pay’ model. Notably, Meta implemented a “less personalized ads” option in response to feedback from EU regulators, while more recently, in contrast, this additional option was not deemed necessary by the Information Commissioner’s Office in the UK.

But I argue it is a necessary condition, and should ideally be the starting point.

With portability in play, ‘take it or leave it’ becomes ‘consent or port,’ and ‘pay or OK’ becomes ‘consent, pay or port.’ Whether the option to pay a subscription fee is offered or not, effective data portability tools ensure users aren’t stuck, which puts any subsequent consent decisions on a solid footing.

A platform to build from

I believe the following principles hold for all markets, on and offline: More choice is good. Asking people to pay for services is normal. Relevant advertising is useful. People must be able to say no. Monopolies require oversight.

There is nothing so novel about the ‘pay or ok’ model that means we ought to rip up how we view market regulation, whether through a competition or data protection lens. In the absence of unique and special importance for a particular service, fundamental market rules say service providers can set a price, and users can choose whether or not to pay it, and if not, they have other options, and can switch to them.

I see this recent trend as a positive platform for change. While these new choices bring greater consumer empowerment, they can also act as a catalyst for more companies to take data portability more seriously.