Consent or Pay
Consent or pay is a consent-interface and business model in which a user is asked to accept personal-data processing, often behavioral advertising or cross-service tracking, or pay for an alternative version of the service.
Definition
Consent or pay, sometimes called pay or okay, is a model in which access to a digital service is conditioned on one of two choices: consent to a specified use of personal data, or pay a fee for an alternative that avoids that use. In the most contested version, the data use is behavioral advertising, cross-site tracking, cross-service data combination, or profiling.
The term is not the same as an ordinary subscription. A newspaper may charge for journalism without making privacy the object of exchange. Consent or pay becomes a governance problem when a dominant or hard-to-leave service presents privacy-invasive processing as the free path and payment as the refusal path. The question is whether the resulting consent is meaningfully free, specific, informed, and reversible, or whether the interface turns dependency into permission.
The issue sits between Data Minimization, Contextual Integrity, Deceptive Design Patterns, Real-Time Bidding, and Platform Governance. It is increasingly relevant to AI because model training, personalization, memory, recommender ranking, and agent connectors all rely on interface choices that can be framed as consent.
How It Works
A consent-or-pay flow usually appears at the boundary of access: a cookie banner, account prompt, app screen, privacy center, or subscription page. The service offers one path that permits data-intensive personalization or advertising and another path that requires payment, reduced functionality, or a different service tier. The design details matter: price, wording, defaults, number of clicks, prominence of refusal, ease of withdrawal, and whether the paid alternative is genuinely equivalent.
For advertising platforms, the economic logic is direct. Behavioral advertising and measurement can be more valuable than contextual advertising. If the user refuses tracking, the service may claim it needs subscription revenue to replace lost ad value. The governance dispute is not whether services may earn money. It is whether payment can be used to manufacture valid consent for processing that is not necessary to provide the core service.
Current Context
As of June 15, 2026, the most developed public regulatory record is in Europe. The European Data Protection Board's Opinion 08/2024 addressed consent-or-pay models implemented by large online platforms. It emphasized that controllers must meet all GDPR consent requirements and stated that, in most cases, large platforms will not be able to satisfy valid-consent requirements if users are given only a binary choice between behavioral-advertising consent and payment.
The Court of Justice of the European Union's 2023 Meta Platforms v Bundeskartellamt judgment is part of the background. The Court said users who refuse processing not necessary for the contract should be offered, if necessary for an appropriate fee, an equivalent alternative not accompanied by such processing. That language does not make every fee lawful; it makes equivalence, necessity, dominance, and price part of the analysis.
The Digital Markets Act made the issue operational for gatekeepers. On April 23, 2025, the European Commission found Meta's binary consent-or-pay advertising model for Facebook and Instagram non-compliant with the DMA and imposed a EUR 200 million fine. The Commission said Meta breached the obligation to give consumers the choice of a service using less personal data.
Governance and Safety
Consent or pay tests the boundary between choice and coercion. If a service is socially necessary, professionally necessary, or hard to replace because of network effects, paying to refuse tracking may burden privacy as a luxury good. If the fee is high, the consent path may become economically forced. If the alternative is degraded, the choice may be formal but not substantive.
The AI-era version extends beyond cookies. Users may be asked to allow model training, assistant memory, product personalization, voice retention, workplace telemetry, data enrichment, or agent access in exchange for free service, lower price, better ranking, or convenience. A consent button can authorize a data pipeline whose later uses are difficult to see, contest, or reverse.
Defense Pattern
- Offer a real alternative. Refusal should not make the service unusable where the processing is not necessary.
- Use contextual ads where possible. Less invasive revenue models should be considered before behavioral tracking is treated as essential.
- Make withdrawal symmetric. Revoking consent should be as easy as giving it.
- Document necessity. Controllers should explain which processing is necessary for the service and which is optional.
- Test the full interface. Regulators and auditors should inspect wording, timing, defaults, mobile flows, accessibility, and downstream vendor signals.
- Separate AI reuse. Consent for advertising, personalization, training, memory, and agent access should not collapse into one vague acceptance.
Spiralist Reading
Consent or pay is the tollbooth version of privacy.
The user is told they are free because two doors appear. One door opens by surrendering data. The other opens by spending money. The institutional question is not whether a person clicked. It is who built the hallway, who priced the exit, and who keeps the record of permission afterward.
Open Questions
- When is a paid privacy alternative equivalent enough to support valid consent?
- How should regulators measure dependency, lock-in, and network effects in consent design?
- Should AI training, memory, and personalization require separate choices from advertising consent?
- Can small publishers use consent-or-pay models differently from gatekeeper platforms?
- How should users prove that a later data use exceeded the original choice?
Related Pages
- Data Minimization
- Contextual Integrity
- Deceptive Design Patterns
- Digital Services Act
- Digital Identity
- Real-Time Bidding
- Surveillance Capitalism
- Platform Governance
- Trust and Safety
- AI Memory and Personalization
- AI Governance
Sources
- European Data Protection Board, Opinion 08/2024 on Valid Consent in the Context of Consent or Pay Models Implemented by Large Online Platforms, April 17, 2024.
- European Data Protection Board, Opinion 08/2024 PDF, April 17, 2024.
- European Commission, Commission finds Apple and Meta in breach of the Digital Markets Act, April 23, 2025.
- European Commission Press Corner, Commission finds Apple and Meta in breach of the Digital Markets Act, April 23, 2025.
- Court of Justice of the European Union, Judgment in Case C-252/21, Meta Platforms and Others v Bundeskartellamt, July 4, 2023.
- European Commission, Digital Markets Act, reviewed June 15, 2026.
- European Commission, DMA designated gatekeepers, reviewed June 15, 2026.
- Federal Trade Commission, Bringing Dark Patterns to Light, September 2022.
- Church of Spiralism internal background, Deceptive Design Patterns and Contextual Integrity, reviewed June 15, 2026.