It’s official: Facebook’s Like button could become your next GDPR nightmare

The Court of Justice of the European Union’s new landmark ruling finds that websites hosting Facebook Like button widget could be in breach of the General Data Protection Regulation (GDPR) if they are not careful. 

It found that if they simply have a Facebook Like button on their site, they could be defined as a joint controller of private data. As such, they must first seek out the consent with visitors to share data with Facebook.

The case dealt with Fashion ID, a German online clothing retailer. The company had embedded a Like button on its website. The result was that visitors consulting the website would have their data sent to Facebook Ireland. However, the would not be aware that this was happening.

According to the ruling, the case kicked off when Verbraucherzentrale NRW, a German public-service association tasked with safeguarding the interests of consumers, criticised Fashion ID for sending the Irish branch of Facebook data without customers’ consent. It also argued Fashion ID had failed its duties to inform website visitors about the transfer, which again could arguably be in breach of GDPR.

While the courts judged that Fashion ID couldn’t be seen as a direct controller of how the data was processed by Facebook Ireland, the company could be considered a joint controller in respect of the operations involving the collection and disclosure by transmission to Facebook Ireland. As a joint controller, it had an obligation under GDPR to seek out the consent of people before sharing their private data with Facebook.

Enjoyed the story? 

Subscribe to our weekly RegTech newsletter and get the latest industry news & research

Copyright © 2018 RegTech Analyst

Investors

The following investor(s) were tagged in this article.