Companies that embed Facebook’s “Like” button on their websites must seek users’ consent to transfer
Companies using Facebook 'Like' button liable for data: EU court
Website plugins such as Facebook’s “Like” button are a common feature of online retail as companies seek to promote their products on popular social networks, but critics fear the data transfer may breach privacy laws.
The ruling from the Luxembourg-based Court of Justice of the European Union (ECJ) came after a German consumer body sued German online fashion retailer Fashion ID for breaching personal data protection rules via its use of the button on its site.
A German court subsequently sought guidance. ECJ judges said websites and Facebook share joint responsibility.
Under landmark EU data privacy rules adopted last year, a data controller determines why personal data must be collected and processed and also secure consent from users. A data processor only processes personal data on behalf of the controller and is usually a third-party company.
“The operator of a website that features a Facebook ‘Like’ button can be a controller jointly with Facebook in respect of the collection and transmission to Facebook of the personal data of visitors to its website,” the judges said.
The German retailer benefited from a commercial advantage as the ‘Like’ button made its products more visible on Facebook, the court said, though it noted the company is not liable for how Facebook subsequently processes the data.
Facebook said the ruling sheds clarity on website plugins, calling them an important feature of the Internet.