Companies using Facebook ‘Like’ button liable for data: EU court
BRUSSELS (Reuters) - Companies that embed Facebook’s “Like” button on their websites must seek users’ consent to transfer their personal data to the U.S. social network, in line with the bloc’s data privacy laws, Europe’s top court said on Monday.
Website plugins such as Facebook’s “Like” button are a common feature of online retail as companies seek to promote their products on popular social networks, but critics fear the data transfer may breach privacy laws.
The ruling from the Luxembourg-based Court of Justice of the European Union (ECJ) came after a German consumer body sued German online fashion retailer Fashion ID for breaching personal data protection rules via its use of the button on its site.
A German court subsequently sought guidance. ECJ judges said websites and Facebook share joint responsibility.
Under landmark EU data privacy rules adopted last year, a data controller determines why personal data must be collected and processed and also secure consent from users. A data processor only processes personal data on behalf of the controller and is usually a third-party company.
“The operator of a website that features a Facebook ‘Like’ button can be a controller jointly with Facebook in respect of the collection and transmission to Facebook of the personal data of visitors to its website,” the judges said.
What Does Facebook Know About Me (It’s Scary)