Ad-free reading models (also known as PUR models) provide end-users with a choice to either pay a fee to access ad-free content or to provide consent to a list of vendors (and purposes) specified by the publisher. David Pfau, Head of Data & Privacy at Conreri outlines the latest developments…
In recent years, providers of free content and services on the Internet have faced increasing technical and regulatory challenges when it comes to monetizing their services. In particular, media companies that ensure media plurality and independent journalism are also dependent on advertising revenues.
Now that consent is required for a large number of data processing operations under the GDPR, and pressure is mounting to request consent using consent banners on websites, an approach is currently gaining acceptance among media companies in Western Europe that harmonizes user privacy and the economic interests of providers as well as the regulatory framework – the so-called PUR model.
The classic PUR model generally offers two alternative paths. Either the user gives his consent to advertising and tracking or he pays a sum of money for the tracking- and advertising-free use of the offer. Users can therefore decide at their own discretion whether they want to pay money for a journalistic offering, for example, or use it free of charge, provided they give their consent to advertising and tracking. There are now providers of cross-website PUR subscriptions such as contentpass, which already offer subscribers freedom from advertising and tracking on over 200 websites, but which also compensate for lost advertising revenue on the publisher side.
Whilst the European Data Protection Board, the French supervisory authority (CNIL), the German Data Protection Conference (DSK) have already commented on PUR in the past, this has been followed by a decision of the Austrian supervisory authority on proceedings between the data protection organization noyb and derStandard in Austria. For a more in-depth analysis of the regulatory positions of the CNIL and the DSK, see the links earlier in this paragraph.
In summary, PUR models as such are accepted by a majority of European data protection supervisory authorities.
The admissibility of PUR models is likely to be based on three assessment criteria:
- Equivalent alternative: The PUR subscription must represent an equivalent alternative to the service that users obtain by giving consent to tracking and advertising. An evaluation standard for equivalence could be a standard market price.
- Legal compliance of consent: The effectiveness requirements for consent standardized in the GDPR, i.e., in particular the requirements listed in Art. 4 No. 11 as well as Art. 7 GDPR, must be met.
- Granularity of consent: In the opinion of the supervisory authorities, users must be able to select and deselect the different purposes of data processing on a granular basis. The extent to which this applies to all purposes, or purposes which are absolutely necessary to provide an ad-supported offer, is still controversial. From the point of view of the media industry, it is important to show that a large number of data processing operations are necessary in order to refinance the services provided and to continue to make content and services available on the Internet free of charge in the future.
Regardless of the extent to which the evaluation criteria are shared, a constructive dialogue can be conducted on this basis. For example, although consent must be specific, this does not mean that bundling of purposes is not possible, because even Recital 43 does not require separate consents per se, but only if “this is appropriate in the individual case”.
To what extent the positioning of the data protection supervisory authorities in the legislative process will affect the ePrivacy Regulation remains to be seen. The current draft of the ePrivacy Regulation of the EU Council of Ministers dated February 10, 2021 permits “cookie walls” while offering equivalent alternative access.
This shows that publishers can certainly present users with a choice and do not have to offer the option of granularly deselecting all purposes.
Head of Data & Privacy, conreri
conreri is a management consultancy from Hamburg with a focus on digital transformation and data protection. The experienced interdisciplinary team supports clients in the conception of legally compliant business models. conreri supports companies in meeting data protection requirements in line with the spirit of the times and jointly develops pragmatic approaches to solutions.