EU Court: Website using Facebook ‘Like’ button liable for data

01 Aug 2019
A German Consumer Body sued a German online clothing retailer Fashion ID for breaching personal data protection rules via its use of the Facebook ‘Like’ button on its website. The German Court sought guidance on this case from the European Union’s Court of Justice (ECJ).

The ECJ judges ruled that, in the case of embedding Facebook’s ‘Like’ button, both the website and Facebook are liable. In particular, they said: “The operator of a website that features a Facebook ‘Like’ button can be a controller jointly with Facebook in respect of the collection and transmission to Facebook of the personal data of visitors to its website.” The EU Court also noted that the German retailer Fashion ID gained a commercial advantage from the ‘Like’ button as it made its products more visible on Facebook.

According to EU General Data Protection Regulation (GDPR), a data controller determines why personal data must be collected and how they are processed. Following the EU Court’s ruling, a third-party company using the Facebook’s ‘Like’ button or any other similar widgets could be considered joint controller and, thus be held liable for the data collection and transmission to Facebook. However, the company will not be responsible for what happens to the data after it’s passed to Facebook.

In a statement to TechCrunch, Facebook's associate general counsel, Jack Gilbert said that “We are carefully reviewing the court’s decision and will work closely with our partners to ensure they can continue to benefit from our social plugins and other business tools in full compliance with the law.”

This ruling does not prevent Facebook or other companies with similar buttons from offering these options, however, websites embedded to these widgets must obtain the users’ consent before transferring their data to Facebook or other companies. Right now, it appears that these buttons embedded to the websites transfer the visitors’ data to other companies without their consent and regardless of whether the visitors click on them or not. Consequently, websites should adopt a different approach for ‘Like’ buttons in order to comply with data protection rules.
MORE RELATED NEWS

EADPP at the EDPB Stakeholder Event on processing of personal data for scientific purposes
Our Director, Maria Raphael, was a speaker at the 3rd Digital & Payments Conference
Privacy Minders’ co-founder was elected the President of the EADPP
Personal Data Protection Fines in Cyprus from July to September 2019
Larnaca, Cyprus

57 Spyrou Kyprianou Avenue,
Bybloserve Business Center, Larnaca 6051, Cyprus

London, United Kingdom

71-75 Shelton Street
London WC2H 9JQ
United Kingdom

Get in touch

Tel: +357 24812581/82
Fax: +357 24812583
Email: info@privacyminders.com

Click here to Subscribe