
I assume that companies can deny services that cost them money if you don’t consent to services that create revenue. Is this true?


No, the EU doesn’t mess around. I don’t see any provisions in the GDPR allowing companies to do that.

I guess companies can charge money for services that cost them money, and give you money if you enable certain services.


GDPR doesn't need to reenumerate this. Selling service above cost is already allowed.


I mean as, want to use Messenger? That's $20 a month. Want to let us monetise your messages for ads? We'll pay you $20 a month.

Of course, I don't see Facebook actually doing this, but just food for thought.


No, it's not true. That's exactly why this is so interesting and potentially devastating.


It appears not - it requires the consent to be freely given, as in, the customer actually wants you to process the data or the data is inherently necessary for the service e.g. a shipping address to ship goods.

"'consent' of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;"

Article 7.4 "When assessing whether consent is freely given, utmost account shall be taken of whether, inter alia, the performance of a contract, including the provision of a service, is conditional on consent to the processing of personal data that is not necessary for the performance of that contract."

Recital 43 "...Consent is presumed not to be freely given if [...] or if the performance of a contract, including the provision of a service, is dependent on the consent despite such consent not being necessary for such performance."

Companies can deny services that cost them money unless you pay; but if you make "consent" a condition for everyone then it's assumed that it's not freely given consent. You can deny service to everyone, but you can't require consent from everyone. That's not a new thing - that's exactly how the law works already regarding e.g. spam restrictions; you can have opt-in confirmation only if it's optional; if you make it mandatory to "opt-in" (e.g. deny registration unless the opt-in is checked) then it's not consent.

Also, even if you have consent, it can be revoked at any time (e.g. 5 minutes after the user received what they wanted), and you have to unconditionally remove the private information from your systems, even if you gave them a discount because they had "consented" at that moment.

Also, the customer may give you consent to process their data as such (e.g. include in your service) but object to their use in targeted marketing.

Article 21 (Right to object) "... (2) Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing. (3) Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes."

So it should be expected that even if you have consensually obtained the data, you cannot use it freely; you can use it only for particular purposes, and things like EULAs can't override that.



