A European Union (EU) court has ruled that companies that embed a Facebook ‘Like’ button on their website can be held liable for the data collected and sent to the social media giant. The ruling stemmed from a suit filed by a German consumer group that alleged that data collected and sent to Facebook from online retailer Fashion ID violated the data protection rules laid out in the GDPR.

Anthony Spadafora filed this report for TechRadar:

According to EU data privacy rules, a data controller determines why personal data must be collected and how it is processed. A data processor, on the other hand, only processes personal data on behalf of the controller and is often a third-party company.

The ECJ judges found that, in the case of embedding Facebook’s ‘Like’ button, both the website and Facebook are responsible, saying:

“The operator of a website that features a Facebook ‘Like’ button can be a controller jointly with Facebook in respect of the collection and transmission to Facebook of the personal data of visitors to its website.”

German retailer Fashion ID gained a commercial advantage from the ‘Like’ button as it made its products more visible on Facebook, according to the court, which also said that the company is not liable for how the data is processed by Facebook.