Are you looking to protect your privacy? A cookie paywall on a single website could cost you €75 ($72) annually. On your first visit to Germany’s leading online news source, Der Spiegel, you are given the option to either give up your data or buy a €5 ($4,8) monthly subscription.
The same option is available on news websites, including Die Welt, T-Online, Bild, and many other news websites. Want to browse privately? A “cookie paywall,” a new privacy issue surfacing in some countries in central Europe, can potentially increase the cost of online browsing significantly.
You’ve probably come across sites that require you to accept or reject cookies before viewing any content. A cookie paywall presents a more significant obstacle, requiring you to pay to stop being tracked. It is a strategy used by online businesses to comply with European privacy regulations and maintain their profitability. You cannot escape this situation using the browser’s incognito mode.
If regulators are not careful, onerous cookie paywalls may become a future vision for American federal privacy law on the horizon.
“It benefits the websites in the long run. They get paid with data, or they get paid with money,” explained Cristiana Santos. She’s an assistant professor of privacy and data protection law at Utrecht University and co-author of a forthcoming research article paper (PDF) analyzing cookie paywalls. The article “Your Consent Is Worth 75 Euros Per Year: Measurement and Legality of Cookie Paywalls” will be presented at the 2022 Workshop on Privacy in the Electronic Society in November.
Santos and her co-authors examined sites across Central Europe. While they remain unusual, the research team found several of them among the top popular 13 news sites in Germany and Austria.
Privacy can be costly
Santos and his associates discovered that privacy is expensive. The study shows that avoiding monitoring those 13 websites will cost a staggering €728 (about $706) annually. The researchers showed that it would cost about €75 yearly to avoid tracking on the Austrian newspaper website, Der Standard alone. Would you be willing to pay a specific fee for your privacy per site users visit? How much money can you spare?
There are already a lot of sneaky dark patterns in the cookie pop-ups that have started to annoy online users in Europe and the US. It’s resulted in web users making decisions they might not have otherwise made. Trying to protect your privacy or rejecting cookies may not be enough, as many websites will still track you. This is taken to its logical conclusion by the cookie paywall. Forget about design tricks; they push the issue hard by involving your wallet.
People care about their privacy, and some will spend money on tools like virtual private networks (VPNs) to safeguard them. Personal data, though, hasn’t always been worth much to the average customer.
A 2020 study from the Technology Policy Institute showed that most people would exchange virtually any aspect of their online privacy for $10 or less. However, most people will undoubtedly prefer to save cash if they are to choose between data and a membership fee.
Wolfie Christl, a researcher who studies the data sector, explained that “data exploitation would become the norm for most Europeans as just a small fraction would pay this price across a big number of digital services.” He continues, “I hope that authorities, courts, and decision-makers would understand this menace and put a stop to it.”
General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR) – a privacy law in Europe – mandates that companies get users’ consent before collecting and using their data. Even though the law requires that consent should be “freely supplied,” regulators in France and Austria have determined that the cookie paywall approach is not obviously illegal.
The European Data Protection Board, which regulates how the GDPR is implemented throughout the E.U., hasn’t commented thus far.
Cookie paywalls are presently uncommon in the US
No overarching privacy laws exist at the federal level. Even the strictest state privacy laws do not require companies to seek user permission before being tracked. They are, however, required to give users a way to withdraw their consent. Most users do not bother, so it is still easy for companies to monetize their data. However, that could change.
Christine Lyon, global co-head of data privacy and security at the law firm Freshfields explained that “these opt-out requirements in the US do not put as much incentive or pressure on companies to move to a ‘pay or consent’ model.” However, Lyon warned that cookie paywalls might be introduced in America if stricter federal privacy regulations are passed.
The limited web history suggests that most people will not spend to preserve their data when privacy comes with a price tag. Such a slack approach could defeat the fundamental aim of regulations like the GDPR.
According to Santos, a study’s co-author, forcing people to give up their privacy with a financial penalty does not constitute meaningful, freely provided permission. “We observed the legitimization and proliferation of this practice. The business concept used here is replicable.”