Consent or pay
Consent or pay, also called pay-or-okay, is a tactic used by some companies to push people to consent to data processing under the GDPR. The user is shown a tracking consent notice with two options: consent to data processing and use the service for free, or refuse consent and pay to use the service. Critics say this pressures people to consent and may not be valid GDPR consent.
Under the GDPR there are six lawful bases for processing personal data. Consent must be freely given and withdrawable. Meta has changed its justification several times: it was based on contract, then legitimate interest, and finally consent. Critics say the “pay-or-okay” setup makes consent not truly voluntary because non-consenting users must pay.
In April 2024, the European Data Protection Board said that, in most cases, consent-or-pay does not meet the GDPR’s standard for valid consent.
The European Commission opened an investigation under the Digital Markets Act (DMA) on 1 July 2024. In April 2025, the Commission found Meta’s binary Consent or Pay model used on Facebook and Instagram (Nov 2023–Nov 2024) was not compliant with the DMA and fined Meta €200 million. Meta was also evaluating a newer version introduced in November 2024, which uses less personal data. In June 2025, the Commission warned Meta that it could face daily fines.
Other companies have also used consent-or-pay. The Austrian Data Protection Authority found Der Standard unlawfully used the model, and several other outlets (Der Spiegel, Die Zeit, Heise, Frankfurter Allgemeine Zeitung, Kronen Zeitung, and T-Online) have faced similar accusations.
This page was last edited on 3 February 2026, at 18:28 (CET).