Europe’s top court has ruled that businesses which embed Facebook’s ‘Like‘ button on their sites can be held liable for collecting user data as their customer’s personal data is transferred to the US-based social network.
Online retail businesses often use website plugins to help promote their products on social networks but critics are concerned that the data transfer could breach EU privacy laws.
The Luxembourg-based Court of Justice of the European Union (ECJ) came to its ruling after a German consumer body sued the German online fashion retailer Fashion ID for breaching personal data protection rules by using Facebook’s ‘Like’ button on its site.
A German court sought guidance on the case and ECJ judges said that websites and Facebook share joint responsibility.
According to EU data privacy rules, a data controller determines why personal data must be collected and how it is processed. A data processor on the other hand only processes personal data on behalf of the controller and is often a third-party company.
The ECJ judges found that, in the case of embedding Facebook’s ‘Like’ button, both the website and Facebook are responsible, saying:
“The operator of a website that features a Facebook ‘Like’ button can be a controller jointly with Facebook in respect of the collection and transmission to Facebook of the personal data of visitors to its website.”
German retailer Fashion ID gained a commercial advantage from the ‘Like’ button as it made its products more visible on Facebook according to the court which also said that the company is not liable for how the data is processed by Facebook.
Facebook’s associate general counsel, Jack Gilbert responded to the ruling in a statement, saying:
“We are carefully reviewing the court’s decision and will work closely with our partners to ensure they can continue to benefit from our social plugins and other business tools in full compliance with the law.”