The Court of Justice of the European Union (CJEU) has ruled that websites hosting Facebook Like buttons can be held liable for transferring data to Facebook. While the court said that the third-party website cannot be held responsible for the data processing carried out by Facebook after the data has been transmitted, it absolutely can be held liable for facilitating the collection and transmission of the data via the Like button.
The decision by the court came after a German consumer association, Verbraucherzentrale NRW, sued the German retailer Fashion ID for breaking data protection rules by using the Facebook Like button on its website. The CJEU reported its decision after a German court asked for guidance on the matter.
In its statement on the matter, the court said that the website operators, Fashion ID, in this case, must obtain consent from users to let them know that it’s collecting data and transmitting it to Facebook. Additionally, the court said that “the operator of a website and the provider of a social plugin, must pursue a legitimate interest through the collection and transmission of personal data in order for those operations to be justified in that regard.”
In response to the court, Jack Gilbert, Facebook’s associate general counsel, said:
“We are carefully reviewing the court’s decision and will work closely with our partners to ensure they can continue to benefit from our social plugins and other business tools in full compliance with the law.”
The decision by the court is a big win for end users who want to retain their privacy from big technology firms like Facebook. It’s clear that there’s a demand for Facebook to stop tracking users because the Electronic Frontier Foundation’s Privacy Badger plugin, which blocks Facebook Like buttons, has around 1.4 million installs across Firefox and Chrome.