Websites using Facebook’s ‘like’ button must get explicit permission from users because the feature sends customer data to the social media giant even if they don’t click on it, Europe’s top court rules
- European Court of Justice ruled on case against the German retailer Fashion ID
- Data about visitors was transferred to Facebook without users knowing about it
- Facebook used this data to make sure brand’s products would be more visible
- Decision comes after General Data Protection Regulation came into force
Europe’s top court has ruled that websites using Facebook’s like button must get explicit permission from users about the plugin as it collects customer data.
The European Court of Justice was examining the case against Fashion ID, an online German clothing brand, when it made the decision.
By having the Facebook like button on its page, Fashion ID ensured that its products would be more visible on the social media website.
Even if customers did not click the like button, data was transmitted to Facebook to say they had visited the page.
This data was sent to the social media giant ‘without that visitor being aware of it and regardless of whether or not he or she is a member of the social network’.
Europe’s top court has ruled that websites using Facebook’s like button must get explicit permission from users about the plugin as it collects customer data
The court ruled that Fashion ID, or any website with a similar button, ‘must provide, at the time of their collection, certain information to those visitors such as, for example, its identity and the purposes of the processing’.
Despite this, it also ruled that Fashion ID is not responsible for what Facebook does with any data given to it as it is ‘impossible’ that it ‘determines the purposes and means of those operations’.
Companies must tell users what their data is being used for to comply with the EU’s General Data Protection Regulation (GDPR), which came into force in May 2018.
Under GDPR, companies are required to report data breaches within 72 hours, as well as to allow customers to export their data and delete it.
Part of the expanded rights of data subjects outlined by the GDPR is the right for data subjects to obtain from the data controller confirmation as to whether or not personal data concerning them is being processed, where and for what purpose.
Further, the controller must provide a copy of the personal data, free of charge, in an electronic format.
This change is a dramatic shift to data transparency and empowerment of data subjects.
Jack Gilbert, Associate General Counsel at Facebook, said: ‘Website plugins are common and important features of the modern Internet.
‘We welcome the clarity that today’s decision brings to both websites and providers of plugins and similar tools.
‘We are carefully reviewing the court’s decision and will work closely with our partners to ensure they can continue to benefit from our social plugins and other business tools in full compliance with the law.’
Even if customers do not click the like button on a website, data is transmitted to Facebook to say they had visited the page
