Consent or Pay Models: Are Paywall Cookie Consent Legal For Site?

Posted in Guide, WordPress Posted on
Consent or Pay Models: Are Paywall Cookie Consent Legal For Site?

Summary

Big tech companies are rolling out consent or pay banners, but are they legal?
This controversial model forces users to either agree to data tracking or pay for an ad-free experience. Some call it a fair choice, but others say it’s privacy extortion.

In this article, we break down what the law says, what global regulators are deciding, and why your business needs to understand carefully before adopting it. If you think “consent or pay” is the future, you might want to read this first.

In late 2023, Meta rolled out a new model across the EU: users could either accept tracking for personalised ads or pay a monthly fee to use Facebook and Instagram ad-free. This move sparked instant backlash and caught the attention of privacy regulators across Europe. 

So, here’s the big question businesses are now asking: Is it even legal under GDPR to give users a choice between consenting to data use or paying for access? And if it is, what does “freely given” consent actually look like when money enters the equation?

In this article, we’ll unpack how the “consent or pay” model works, what the ICO and EDPB are saying about it, and what to watch out for if you’re thinking of using it. 

We’ll also look at how platforms like WPLP Compliance Platform are helping site owners by giving them tools to handle consent in a way that’s user-first and regulation-ready.

Let’s dive right in!

Table Of Contents

With online privacy gaining more attention and data laws becoming tighter, a new approach called the “consent or pay model” is getting noticed.

A consent or pay model gives users two clear choices when they land on a website: either to accept data tracking for personalised advertising, or pay a fee (often monthly or one-time) to access the same content without tracking. 

In some cases, users who choose not to consent might get limited access or reduced functionality.

You might also hear this referred to as a “paywall cookie consent” model. It’s different from a standard subscription paywall where users pay simply to unlock premium content.

Here, the payment is directly tied to privacy. Either users pay to keep the data private, or allow tracking to access content for free.

If you’re planning to adopt this model, it’s important to handle it carefully. Make sure the messaging is clear, the user experience is fair, and any fees are reasonable. Done right, it can meet compliance standards and show your users that their privacy choices are taken seriously.

At first glance, this setup offers a fair trade-off between user choice and businesses. But as the model gains traction across Europe and beyond, it’s sparking heated debates on legality, ethics, and implementation. 

Consent or Pay models have emerged with a slight advantage for ad running companies, while putting users into a dilemma. 

For platforms that rely on advertising to stay profitable, giving users a paid, privacy-first option is a practical way to respect their data choices without losing revenue. From the user’s perspective, however, this could mean that if they want to continue viewing the site, they’ll either have to pay or be forced to accept the tracking.

Due to ongoing conflicts, authorities like the UK’s Information Commissioner’s Office (ICO) and the European Data Protection Board (EDPB) are closely reviewing these setups. 

The main concern is whether users genuinely have a choice or if they are accepting the consent just to avoid paying.

These factors are currently trending with respect to the consent or pay model.

Regulators across Europe and the UK are rolling out detailed guidance on the consent or pay system. Each has their perspective on how it should work. 

Let’s check some of the top countries and see what they have to say about the model.

1. EU: EDPB and GDPR

The EDPB’s Opinion 08/2024, issued at the request of multiple EU DPAs, highlights that offering just two options, consent to behavioural ads or pay, often does not meet the standard of “freely given” consent under Article 7 GDPR

Regulators must consider an equivalent alternative: you should offer a free option without behavioural tracking. Opting for alternatives such as contextual ads could still deliver the core service.

2. France (CNIL)

The CNIL has clarified that cookie walls or paywalls can be valid on the condition that only when users have a real, satisfactory alternative. 

If refusing tracking denies access or forces a fee that isn’t reasonable, then there’s no genuine consent. Pricing must reflect the actual cost lost from ad revenue, not simply be decided on an individual business perspective.

3. Germany (BfDI)

Germany’s Federal Commissioner for Data Protection and Freedom of Information (bfDI) enforces both the EDPB and the landmark CJEU Bundeskartellamt (Case C‑252/21) ruling. 

According to this, the consent must be active and free. Further, the BfDI scrutinises platforms to ensure users aren’t cornered into privacy trade-offs they hadn’t knowingly signed up for 

4. UK (ICO)

UK’s ICO aligns closely with EU guidance. Its principle requires that the paid version still offer broadly the same core service, without penalising users who refuse consent. Fees must be fair and not discourage refusal or withdrawal of consent at any time.

5. Global Perspective

In the USA, state laws like CCPA also stress that users shouldn’t face unfair consequences just for opting out, even if the US laws are generally more flexible with paywalls.

Meta’s model is currently under investigation under the EU DMA, with a €200 million fine issued in April 2025 and ongoing legal challenges under EU jurisdiction.

The main question arises whether consent or pay models are GDPR compliant. Many would say yes, and many would object to it. But no one actually knows the real answer. 

From our perspective, the model is GDPR compliant only if the setup meets some strict conditions. As per the GDPR consent or pay model, the consent must be freely given, informed, specific, and unambiguous. 

If users feel like they have no real choice because the paid option is too expensive or they have to leave the site, then that consent doesn’t count as valid.

The EDPB’s latest guidance makes this clear. If you’re going to charge users who refuse tracking, the fee must be fair. That means it should reflect the value lost from ad revenue, not be so high that it pressures people into agreeing. 

It’s also important that users shouldn’t be locked out of key features or content just because they want privacy.

Regulators are already watching closely. The European Commission is investigating Meta’s “consent or pay” model, and the Austrian DPA recently ruled that charging €10–13/month for tracking-free access might not meet GDPR’s “freely given” standard, especially since Meta holds so much market power.

So yes, these models can be legal, but only if done carefully. Do not overcharge for this model and keep all the data-related queries transparent with your users. 

If you’re thinking of using this model, focus on clear messaging, fair pricing, and real user choice. That’s what regulators want and what users expect.

Whenever a model as such is made, it always comes with several risks and challenges. This particular consent or pay model is also risky to implement and has caused distress in many users.

Even after the model faced a lot of criticism, some businesses do try to implement this model in order to obtain data or get monetary benefits. 

The Consent or pay model sounds fair on paper, but it actually comes with a few big risks.

First, users may not like it. If people feel like they’re being pushed to give up their data just to access content, it can damage trust. Some might just leave the site. Others may speak out or report it.

Second, there’s the legal side. If your setup doesn’t follow GDPR rules closely, like making sure consent is really free, you could end up in trouble. And if the media picks it up, it can hurt your brand too.

Third, users are already tired of cookie popups. Adding a paywall can feel like one more annoying step. And not everyone can afford to pay for privacy, which raises questions about fairness.

In short, this model has to be implemented in a very careful manner. It should not affect your brand, and it should not put pressure on the users as well. One wrong move, and it could cost you both users and reputation.

Several big names have already tested the “consent or pay” model, and the results are mixed.

1. Meta (Facebook and Instagram)

Meta consent or pay model

In late 2023, Meta introduced a paid, ad-free version of Facebook and Instagram for EU users. The price? Around €10–13/month. The free version still included targeted ads, but only if users agreed to tracking. 

Almost immediately, privacy groups filed complaints, claiming this wasn’t “freely given” consent under GDPR. 

Regulators, including the European Commission and Austria’s DPA, quickly raised questions. The main issue? Whether that price point really allows users to say “no” freely, or if it pressures them into accepting tracking. Investigations are ongoing.

Lesson learnt: Just giving a choice is not sufficient. The pricing and design of that choice also matter.

2. Spotify (Europe)

Spotify consent or pay model

Spotify doesn’t use a formal “consent or pay” banner, but the principle is similar. Free users get ads, often personalised. Premium users don’t. 

While not positioned as a privacy choice, this model shows how platforms bundle consent and service levels and how that could come under scrutiny if regulators start seeing it as implicit pressure.

Lesson learnt: Even indirect pressure to consent can be questioned if privacy choices aren’t clear.

3. Die Welt, Le Monde, and Other European Publishers

Die welt

A number of media outlets in Germany and France, including the famous Die Welt, Le Monde, and La Dépêche du Midi, have added “consent or pay” layers. 

Readers can accept cookies for a free experience or pay for ad-free access. The pricing is generally lower than Meta’s model, around €1–3/month, which helps argue that the fee is fair and proportionate.

Lesson learnt: Businesses or publications have better chances to use the consent or pay model when the paywall fee feels reasonable and the content behind it is comparable.

4. Zee5 (India)

Zee5 India

Zee5, one of India’s major OTT platforms, uses a hybrid freemium model. Free users must watch ads and agree to tracking, while premium users enjoy an ad-free experience. 

While this isn’t framed explicitly as “consent or pay,” it mirrors the logic. What’s interesting is that Zee5’s privacy policy has become more transparent post India’s Digital Personal Data Protection (DPDP) Act, reflecting a shift toward clearer user choices and opt-outs.

They don’t yet offer a granular choice (example – pay money to avoid tracking), but it’s a step toward greater consent awareness in a market where such discussions are just beginning.

Lesson learnt: As India’s privacy laws mature, expect platforms to adopt more GDPR-style consent models.

Next, let’s look at some of the best practices to implement the consent or pay model.

Consent or Pay model

If you’re thinking of using a consent or pay model, getting the setup right is crucial not just legally, but for user too. 

Here’s a simple breakdown of best practices you should keep in mind:

1. Clear, Honest Communication

Tell users exactly what they’re choosing between. Be upfront and mention something like “You can browse with ads and tracking, or pay to use the site without personalised ads. Do not make it complicated to understand. 

2. Offer a Real Alternative

Your paid version should actually be usable. Don’t strip it of key features or content just because someone didn’t accept tracking. Regulators are clear: the “alternative” needs to be meaningful.

3. Fair Pricing

Set a price that’s reasonable. It should reflect the value you lose from not showing ads. Do not set it as a penalty for choosing privacy. Overcharging users just to nudge them into consent? That’s likely to get flagged.

You need a clear log of what the user chose. It could be providing consent or paying for the service, or opt-out of your site. This helps prove compliance later, especially during audits or DSAR (Data Subject Access Request) reviews.

5. Technical Setup

You’ll need proper session handling to keep track of user status. Whether they have consented to the request or are they a paid user who wants privacy. Also, cookie scripts should only load after you have valid consent or payment confirmation.

Bonus for WordPress User: How WPLP Compliance Platform Can Help

If you’re using WordPress, the WPLP Compliance Platform can simplify this whole process. It’s built for modern consent needs, and supports:

  1. Create custom consent banners with clear opt-in or opt-out options
  1. Integration with Google Consent Mode
  1. Logging of consent choices for each user to keep compliance records
  1. DSAR tools and privacy notices that auto-update
  1. Simple toggles to control cookie scripts based on user actions

By following these practices and opting to use the WPLP Compliance Platform, you’re in a better place to run the consent or pay model for your users.

How WPLP Compliance Platform Supports Ethical Monetization

WPLP Compliance Platform is an all-in-one solution that helps your business to comply with global laws such as GDPR and CCPA. It helps you to create legal pages for your site and also create a cookie consent banner as per your preference. 

Further, the platform complies with the latest framework of IAB TCF and supports Google Consent Mode. For a non-tech person, these mean that the platform is highly credible and helps your site to comply with stringent laws and regulations.

Suppose you want to try the consent or pay model, the WPLP Compliance Platform can play a key role in your deployment.  

Here’s how the WPLP Compliance helps you get it right:

  1. Granular Consent Controls: Users aren’t forced into a yes/no trap. They can say yes to essential cookies, no to tracking, or even choose a no-ads version if they prefer to pay. You give real options, and that’s what GDPR wants.
  1. Full Audit Trail: Every consent decision is logged. So when a user files a DSAR or you face an audit, you’ve got the full record ready.
  1. Customizable Consent Modals: Make your message clear and transparent. You can tweak the language, layout, and button behavior to avoid dark patterns and match your tone of voice.
  1. Brand-Friendly Design: Adjust colors, fonts, and layout so your consent prompt feels like part of your site, not some annoying pop-up.
  1. Built-in Compliance Proof: Whether it’s GDPR, ePrivacy, or CPRA, the platform helps you show that you’re abiding by the rules set by global laws without slowing down your business.
  2. Ensuring Lawful Implementation: Region-based banners to adapt the model depending on the visitor’s country laws (since “consent or pay” may be legal in some places and not in others).
  3. Transparency Tools: Built-in cookie scanner so users know exactly what cookies are being set before deciding.

FAQ

What is the Consent or Pay Model?

Consent or pay model is a strategy used by business websites or companies to obtain user data. The main goal is to provide two options to the users. The first option simply asks for user consent (basically to track and place ads) and the second option seeks a payment from the user to continue to use the site and to provide a tracking-free environment. 

Is “consent or pay” GDPR-compliant?

The consent or pay models can be GDPR compliant only if the consent is “freely given”. If a website asks its users to pay a huge amount, then the business is no longer GDPR compliant. GDPR can add hefty fines to your website for not following the protocol. 

Can I legally ask users to choose between consenting to tracking or paying to access my site?

Yes, you can, but it also depends on how much you’re charging for the ad-free environment. If it goes beyond the value of your ad spent, then it’s better to reconsider the payment amount.

Are all paywall cookie banners legal in the EU?

Considering the GDPR statement of “Consent must be freely given”, it’s impossible for all the paywall cookie banners to be legal in the EU. If you’re looking to legalise the paywall cookie banners, you can ask for a payment that is less than the money you spent on ads and also can use compliant tools like WPLP Compliance Platform to create a stunning GDPR compliant cookie banner.

Conclusion

The consent or pay model is a simple process where users either agree to data tracking (usually for ads), or they pay a fee to access the site without being tracked. 

It’s a newer way that websites, especially news and content platforms, are trying to balance privacy and business survival. This is an advantage for businesses in theory, but in practice, it gets tricky.

Regulators are watching closely. If the fee is too high, the consent isn’t really “free.” According to GDPR, the consent should be freely given, and if the paid version is limited or confusing, that’s another red flag. 

Another major drawback with this model is that it can hamper your site’s reputation when you are charging a fee, as many trusted users can back out of your site.

But if you feel this model has something to give you and want to try it out, you can use trusted sources like the WPLP Compliance Platform, as it can help you do it right. It gives you full control over how consent is collected, how choices are logged, and how the experience feels to your users.

Having read the article, what are your thoughts on this model?

Having read this article, here are more similar articles that you can check out:

Are you ready to implement the consent or pay model for your site? Grab the WPLP Compliance Platform today!