European Commission Finds Meta's Advertising Model in Breach of DMA Rules

Historic Decision on Digital Markets Act Violation

The European Commission has issued a historic decision regarding a violation of the Digital Markets Act (DMA) in the field of data protection. According to the ruling of 23 April 2025, Meta violated legislative requirements by implementing an inappropriate "consent or pay" advertising model in European Union countries in early 2024.

Background of the Conflict

Since March 2024, when the DMA came into full force, Meta has been obligated to comply with the strict requirements of the new European digital markets legislation. Instead, the company presented EU users with a binary choice model, creating a situation that regulators deemed coercive. It is important to understand that the DMA was developed to limit the monopolistic position of the largest digital platforms (gatekeepers) and to protect users' rights from abuses by dominant market players.

Nature of the Violation

From the beginning of DMA enforcement, Meta offered EU users two options: either consent to the collection and use of personal data for targeted advertising or purchase a paid subscription without advertisements. The key violation was the absence of a third, free option with limited use of personal data.

According to the European Commission, this model violates:

  • Article 5(2)(a) of the DMA, which requires providing users with an equivalent but less invasive service option
  • GDPR provisions on free consent to data processing, which must be "freely given, specific, informed and unambiguous"
  • Article 6(1) of the DMA, requiring free negotiation of user data usage without any pressure or manipulation

The Problem of Coercion in Choice Architecture

The Commission's central argument was the structural pressure created by Meta's implementation. Users wishing to avoid both data combination and payment faced complete exclusion from the core functions of Facebook and Instagram—a consequence deemed disproportionate under the DMA. This "all-or-nothing" approach presumably fails to meet the GDPR requirements for "granular consent", as users cannot selectively opt out of specific data uses whilst maintaining access to essential services.

Attempt to Rectify the Situation

In November 2024, after intensive negotiations with the Commission, Meta presented an updated model, claiming that the new version uses fewer personal data for displaying advertisements. The company modified its "consent or pay" model, offering a new option which, according to Meta, uses less personal user data.

The European Commission continues to evaluate this new model, having requested detailed evidence from the company regarding its actual impact on data collection and usage practices. Regulators are interested in understanding how significantly the nature of personal data processing has changed in the updated version.

Commission's Final Decision

Based on the investigation, the European Commission:

  • Found Meta guilty of violating DMA rules for the period from March to November 2024
  • Imposed a fine of €200 million, which became the first significant financial penalty for DMA violation
  • Ordered the company to eliminate technical and commercial restrictions within 60 days, providing users with a genuine alternative without coercion
  • Established that the decision exclusively concerns the specified period, not affecting the assessment of the new model presented in November 2024

Additionally, the Commission approved Meta's request of 5 March 2024 and excluded Facebook Marketplace from the list of DMA gatekeepers, as the number of business users on the platform in 2024 fell below the threshold value of 10,000 established by legislation.

Legal Context and Clash of Interpretations

At the heart of this dispute lies a fundamental divergence in the interpretation of the concept of "free consent" in the context of digital platforms with dominant positions:

Regulators' Position

The European Data Protection Board (EDPB), in its opinion 08/2024, argues that for dominant platforms, even nominally voluntary choices become coercive when refusal results in "detriment"—a concept expanded to include non-financial negative consequences, such as reduced service quality.

Judicial Practice

This position partially diverges from previous decisions of the Court of Justice of the European Union (CJEU) in the case of Meta Platforms versus Bundeskartellamt, which permitted paid alternatives provided they represent "appropriate compensation" rather than punitive pricing aimed at forcing consent.

Commission's Position

The Commission's preliminary position appears to align more closely with the EDPB's stricter stance, suggesting that any paid alternative—regardless of pricing—inherently violates the DMA's equivalence requirement when applied by gatekeepers.

Extended Discussion on "Consent or Pay" Models

Academic and industry discussions reveal a fundamental division in the assessment of "pay or consent" models:

1. User Empowerment Paradigm

Based on the concept of GDPR individual rights, this paradigm views any expansion of user choice (even paid options) as inherently positive. From this perspective, Meta's model represents progress by providing a clear data-for-service exchange that was previously hidden behind opaque tracking practices.

2. Collective Harm Paradigm

This approach evaluates consent through the lens of collective societal impact rather than individual transactions. From this perspective, the normalisation of data monetisation risks reinforcing so-called "surveillance capitalism", even if individual users "freely" participate in the exchange. The EDPB's position reflects this harm-focused logic, prioritising systemic market fairness over transactional consent validity.

3. Commercial Freedom Paradigm

A third viewpoint raises the question of commercial organisations' right to use alternative methods to finance their activities, including offering paid versions without advertisements or with targeted advertising. According to this position, the European Commission's intervention may hinder companies' commercial activities and negatively impact the development of small startups, which often use similar business models when launching applications.

Equivalence Requirements for Alternative Services

Meta's ad-free subscription model is criticised for failing the DMA's equivalence test in several areas:

Function Parity: Preliminary findings suggest the paid version offers additional benefits (ad removal) rather than simply maintaining functional parity with the free version based on consent to data processing.

Market Segmentation: By tying enhanced privacy to payment, Meta allegedly creates a two-tier system that segments users based on wealth—a result contrary to the DMA's goal of preserving equal access opportunities.

Technical Implementation: Critics argue that Meta could implement less invasive advertising models (e.g., contextual advertising) without requiring payment, but instead designed its systems to make alternatives without tracking technically unfeasible.

Prospects for the Digital Industry

The European Commission's decision on the Meta case establishes an important precedent in the application of the DMA and sets standards for other digital platforms falling under the definition of gatekeepers. This case demonstrates European regulators' determination to ensure compliance with the new rules and readiness to apply significant fines for violations.

For technology companies, this decision signifies the need to review existing business models, especially those based on the monetisation of personal data. Companies will need to develop new approaches that ensure a balance between commercial interests and the requirements of data protection and competition legislation.

Practical Recommendations

Companies operating in the European market are advised to:

  • Audit existing data processing models for compliance with DMA and GDPR requirements
  • Develop alternative approaches to monetisation not based exclusively on personalised advertising
  • Ensure genuine equivalence between different options for users, avoiding quality differences between paid and free versions
  • Consult with specialists on the compliance of advertising strategies and data processing models with European legislation requirements
  • Establish constructive dialogue with regulators in the early stages of implementing new business models

Our Arbitration & IT Disputes  team is ready to provide consultation on compliance of advertising strategies and data processing models with DMA requirements, including risk assessment and interaction with European regulators.

Contact our lawyer for more details

Write to lawyer

Attention Journalists: Use of REVERA website materials in publications is only allowed with our written permission. To coordinate materials, please get in touch with us at: i.antonova@revera.legal, Telegram: https://t.me/PR_revera

Read on this topic

articles

Гайд по ознакомлению с Политикой обработки персональных данных

Гайд по ознакомлению с Политикой обработки персональных данных news

Plan for Inspections of Personal Data Legislation Compliance for 2025 Published

Plan for Inspections of Personal Data Legislation Compliance for 2025 Published news

Рекомендации по обработке персональных данных в сфере здравоохранения

Рекомендации по обработке персональных данных в сфере здравоохранения