The GDPR does forbid hinging service quality/availability on consent
Although this is one of the areas where it seems some sort of challenge is inevitable. Requiring businesses to give people more control over data about them is one thing. Requiring businesses to do things that make no business sense, like providing services to people despite getting nothing in return, is something else entirely.
It doesn't forbid you to provide free service, to my understanding, you can charge for the service but you can't provide a worse free experience when a user opts out.
Additionally, this does not affect data that is necessary to operate the service. When you run a GPS tracker app then it is entirely okay to ask for the right to process someone's position as part of that contract (as long as you don't share it with a third party).
There doesn't seem to be any problem with either totally free or paid services. The potential problem is with business models that are free in financial terms but instead rely on some form of data or advertising for their source of revenue.
Personally, I value my privacy. I don't tend to use services like Facebook, mostly because I don't want to encourage that sort of perpetual surveillance or volunteer that much data about myself (or encourage my friends/family/colleagues to do so for me) to be used for purposes I don't fully understand.
On the other hand, apparently there are literally billions of people in the world who disagree with me. Most people I know demonstrably are willing to give up some privacy in return for the convenience that Facebook provides to them.
Requiring such a business to allow users more control over how data about them is being processed is one thing, and there are pros and cons that reasonable people can debate in that area. But I'm not sure the EU has any moral/ethical right to dictate that business models that have supported highly successful businesses with literally unprecedented levels of popular support should no longer be viable, and the conditions we're talking about here look awfully close to allowing that.
>But I'm not sure the EU has any moral/ethical right to dictate that business models that have supported highly successful businesses with literally unprecedented levels of popular support should no longer be viable, and the conditions we're talking about here look awfully close to allowing that.
I would say that being popular does not correlate with being good and moral. Being successful does not correlate with being good and moral either.
>Most people I know demonstrably are willing to give up some privacy in return for the convenience that Facebook provides to them.
The patient is not always right. A lot of people would give up privacy for facebook because in the faustian bargain, the short-term benefit outweighs the long-term consequences.
Hopefully it specifies opt in instead of opt out. I can't tell you how many things I've forgotten to do while being conscientious because it was just so out of the way.
GDPR wants absolutely undeniable consent including that if you give consent, the corporation involved has to keep proof that you consented. It is very much opt-in.
Although this is one of the areas where it seems some sort of challenge is inevitable. Requiring businesses to give people more control over data about them is one thing. Requiring businesses to do things that make no business sense, like providing services to people despite getting nothing in return, is something else entirely.