Avatar (Fabio Alessandro Locati|Fale)'s blog

On the nature of the right to privacy

November 28, 2023

In the last month, Meta has started to give their European users a choice between an account for their services paid in data or one paid in Euros. Today, noyb has filed a GDPR complaint against Meta over this behavior. Noyb has very good points to sustain their filing, but I don’t want to delve too much into those since those are very well explained in their press release. I think there is a deeper problem that they quickly touch but do not address directly, which is the interpretation of the kind of right that privacy is.

When I think about rights, I divide them based on the ability to waive them into the following five categories:

Even though I divide rights into those five categories, people might divide them in different ways since this is a continuum, so every discrete categorization is (mostly) arbitral.

To understand how to place Meta’s rights waive request, we need to consider a few things:

Due to all those reasons, I think Meta behaves as if privacy is a right of the second kind (waivable with a “simple” action).

Personally, I think this is not aligned with what the GDPR stands for since the GDPR specifies multiple times that the user needs to be clearly informed about the privacy implications, and the user needs to make their decision out of free will. I think there is a need for a more clearly defined set of characteristics that a lawful waive of privacy request should have, and I think the set should be something like this:

Those considerations are not against noyb’s action since I think they have great points as well, just an additional point that they have not listed, probably due to the nature of their action (a data protection authority filling) that has certain rules that they have to stick with.