The European Commission really isn't happy about a Meta business model that gives users in the EU, European Economic Area and Switzerland the generous choice of continuing to use Facebook and Instagram with targeted ads without paying anything, or signing up for a monthly subscription that's said to offer an ad-free experience.

Officials from the Consumer Protection Cooperation (CPC) Network — a group of national authorities that enforce EU consumer protection laws — have suggested that Meta may be violating consumer legislation with the "pay or consent" approach. The Commission, which is the European Union's executive arm, coordinated the group's action against Meta.

The CPC Network sent Meta a letter laying out numerous ways in which it believes the company may be violating consumer laws. The company has until September 1 to reply and propose solutions to officials' concerns. If CPC officials find that Meta doesn't take appropriate steps to solve the problems, they could take enforcement actions against the company, which may include sanctions.

CPC authorities have suggested that Meta is misleading users by describing its platforms as free to use if they opt not to pay for a subscription, when Meta in fact monetizes their personal data by displaying targeted ads. They further say that Meta is "confusing users" by requiring them to access different areas of the privacy policy and terms of service to see how their data is being used for personalized ads.

Officials have also taken aim at Meta's "imprecise terms and language" that suggest subscribers will not see ads at all, even though those still might be displayed "when engaging with content shared via Facebook or Instagram by other members of the platform." Furthermore, they claim Meta is pressuring users who have long used Facebook and Instagram without forking over any payment "to make an immediate choice, without giving them a pre-warning, sufficient time and a real opportunity to assess how that choice might affect their contractual relationship with Meta, by not letting them access their accounts before making their choice."

Meta introduced its "pay or consent" options last year in an attempt to comply with the EU's data protection laws while maintaining its advertising model. CPC officials say they are concerned that "many consumers might have been exposed to undue pressure to choose rapidly" between consenting to data collection or paying a monthly fee, "fearing that they would instantly lose access to their accounts and their network of contacts."

This action is separate from other investigations the EU is carrying out against Meta over the "pay or consent" model. Earlier this month, the EU said Meta had potentially breached the Digital Markets Act with this approach. If found guilty, Meta could be on the hook for a fine of up to 10 percent of its global annual revenue.

In addition, the Commission requested more information from the company in March about the "pay or consent" model under the Digital Services Act, another law the bloc designed to keep the power of major tech companies in check. Not only that, consumer rights groups have filed complaints arguing that the approach violates the EU's General Data Protection Regulation.

Apple has been accused of underreporting the prevalence of child sexual abuse material (CSAM) on its platforms. The National Society for the Prevention of Cruelty to Children (NSPCC), a child protection charity in the UK, says that Apple reported just 267 worldwide cases of suspected CSAM to the National Center for Missing & Exploited Children (NCMEC) last year.

That pales in comparison to the 1.47 million potential cases that Google reported and 30.6 million reports from Meta. Other platforms that reported more potential CSAM cases than Apple in 2023 include TikTok (590,376), X (597,087), Snapchat (713,055), Xbox (1,537) and PlayStation/Sony Interactive Entertainment (3,974). Every US-based tech company is required to pass along any possible CSAM cases detected on their platforms to NCMEC, which directs cases to relevant law enforcement agencies worldwide.

The NSPCC also said Apple was implicated in more CSAM cases (337) in England and Wales between April 2022 and March 2023 than it reported worldwide in one year. The charity used freedom of information requests to gather that data from police forces.

As The Guardian, which first reported on the NSPCC's claim, points out, Apple services such as iMessage, FaceTime and iCloud all have end-to-end encryption, which stops the company from viewing the contents of what users share on them. However, WhatsApp has E2EE as well, and that service reported nearly 1.4 million cases of suspected CSAM to NCMEC in 2023.

“There is a concerning discrepancy between the number of UK child abuse image crimes taking place on Apple’s services and the almost negligible number of global reports of abuse content they make to authorities,” Richard Collard, the NSPCC's head of child safety online policy, said. “Apple is clearly behind many of their peers in tackling child sexual abuse when all tech firms should be investing in safety and preparing for the roll out of the Online Safety Act in the UK.”

In 2021, Apple announced plans to deploy a system that would scan images before they were uploaded to iCloud and compare them against a database of known CSAM images from NCMEC and other organizations. But following a backlash from privacy and digital rights advocates, Apple delayed the rollout of its CSAM detection tools before ultimately killing the project in 2022.

Apple declined to comment on the NSPCC's accusation, instead pointing The Guardian to a statement it made when it shelved the CSAM scanning plan. Apple said it opted for a different strategy that “prioritizes the security and privacy of [its] users.” The company told Wired in August 2022 that "children can be protected without companies combing through personal data."