Facebook's like button puts websites into EU privacy firing line

Bloomberg
Bloomberg

Facebook’s “Like” button makes third-party websites responsible for processing people’s data under the European Union’s privacy rules, according to the EU’s top court.

The EU Court of Justice weighed in on a dispute after an online fashion retailer was accused of violating EU law by embedding a Like plugin, which a local consumer association said allowed the social media company to collect data on the site’s users.

The owner of a website can be held jointly responsible for “the collection and transmission to Facebook of the personal data of visitors to its website,” the Luxembourg-based court said in a ruling on Monday. “By contrast, that operator is not, in principle, a controller in respect of the subsequent processing of those data carried out by Facebook alone.” The decision can’t be appealed.

The case has been closely watched by privacy lawyers who say many companies are unaware of the potential risks of being held jointly liable with tech giants such as Facebook for data they share with them by embedding a social plugin, such as Facebook’s iconic ‘Like’ button on their website. Belgium’s data protection regulator said last year a ruling making websites jointly liable could have “serious repercussions” for website operators.

“Website plugins are common and important features of the modern internet,” Facebook’s associate general counsel Jack Gilbert, said in a statement. “We are carefully reviewing the court’s decision and will work closely with our partners to ensure they can continue to benefit from our social plugins and other business tools in full compliance with the law.”

Stricter Law

The case dates back to before the EU enacted much stricter privacy rules with its General Data Protection Regulation, or GDPR. Still, the concept of two companies being seen as joint controllers for data protection reasons, remains relevant in the new rules, said Tom De Cordier, a technology and data protection lawyer at CMS DeBacker in Brussels.

He said there’s a high likelihood that big organisations use such technology that tracks users’ data in some form on their websites.

“The impact will be that if something goes wrong on the data collection side, you may be on the hook as much as Facebook is,” he said.

“If the court takes a fairly broad interpretation of the concept of joint controllership, the risk exposure for companies becomes much bigger,” said De Cordier by phone before the ruling was known. “The level of awareness of this risk is still very low.”

ZAR/USD
17.35
(+0.20)
ZAR/GBP
22.73
(+0.11)
ZAR/EUR
20.56
(+0.07)
ZAR/AUD
12.46
(-0.06)
ZAR/JPY
0.16
(-0.11)
Gold
1943.35
(-0.68)
Silver
26.38
(-3.85)
Platinum
943.00
(-1.66)
Brent Crude
45.01
(-1.03)
Palladium
2109.00
(-2.75)
All Share
57077.48
(-0.60)
Top 40
52737.48
(-0.65)
Financial 15
10156.41
(-0.69)
Industrial 25
75107.47
(-0.84)
Resource 10
58926.78
(-0.40)
All JSE data delayed by at least 15 minutes morningstar logo
Company Snapshot
Voting Booth
Do you think it was a good idea for the government to approach the IMF for a $4.3 billion loan to fight Covid-19?
Please select an option Oops! Something went wrong, please try again later.
Results
Yes. We need the money.
11% - 1004 votes
It depends on how the funds are used.
74% - 6748 votes
No. We should have gotten the loan elsewhere.
15% - 1417 votes
Vote