The Atlanta Journal-Constitution
Facebook’s ‘Like’ button makes websites liable, EU rules
Facebook Inc.’s “Like” button makes third-party websites responsible for processing people’s data under the European Union’s privacy rules, according to the EU’s top court.
The EU Court of Justice weighed in on a dispute after an online fashion retailer was accused of violating EU law by embedding a Like plugin, which a local consumer association said allowed the social media company to collect data on the site’s users.
The owner of a website can be held jointly responsible for “the collection and transmission to Facebook of the personal data of visitors to its website,” the Luxembourg-based court said in a ruling on Monday. “By contrast, that operator is not, in principle, a controller in respect of the subsequent processing of those data carried out by Facebook alone.” The decision can’t be appealed.
The case has been closely watched by privacy lawyers who say many companies are unaware of the potential risks of being held jointly liable with tech giants such as Facebook for data they share with them by embedding a social plugin on their website. Belgium’s data protection regulator said last year a ruling making websites jointly liable could have “serious repercussions” for website operators.
The case dates back to before the EU enacted much stricter privacy rules with its General Data Protection Regulation. Still, the concept of two companies being seen as joint controllers for data protection reasons remains relevant in the new rules, said Tom De Cordier, a Brussels technology and data protection lawyer.