Law.com Subscribers SAVE 30%
Call 855-808-4530 or email [email protected] to receive your discount on a new subscription.
EU Court Rules Adding Facebook 'Like' Button Triggers GDPR Data Collection Obligation
Websites with embedded Facebook “like” buttons must inform users their data will be collected and processed by the social media giant, the Court of Justice of the European Union ruled on July 29.
Many sites — including German online clothing retailer Fashion ID, the focus of the ruling — use Facebook's embedded “like” button as a tool to promote their business, allowing users to easily share site reviews or items for sale on social media.
But the button also sends users' personal data to Facebook “without that visitor being aware of it,” the court said. Data was allegedly collected and transmitted from site users who did not use Facebook or click the “like” button.
The court said Fashion ID and other sites “can be considered to be a controller jointly with Facebook Ireland” over the initial data collected from users on their site sent to Facebook because both parties determine “jointly the means and purposes” of that data collection.
Data controllers violating the EU's General Data Protection Regulation could face fines up to 20 million euros or 4% of annual global turnover, “whichever is greater.” Sites are not liable for what Facebook does with the data after it is consensually collected from their users.
To comply with GDPR, sites with a “like” button embed must now provide “at the time of [users' personal data] collection, certain information to those visitors such as, for example, its identity and the purposes of the processing.”
The processing and transmission of personal data through Facebook embeds “can be considered lawful” if sites prove legitimate interest or obtain user consent, which under GDPR must be “freely given, specific, informed and unambiguous.”
Sites that don't feature Facebook's “like” button could still be impacted by the decision, which may apply to plugins leading to other social media sites, such as Twitter or Pinterest.
But of all the U.S.-based social media platforms, Facebook's business has drawn the most ire from European regulators. The company is currently under investigation from the Irish Data Protection Commission over potential GDPR violations and faces an antitrust probe from the European Commission.
In a statement, Facebook associate general counsel Jack Gilbert said website plugins, such as the “like” button, are “common and important features of the modern Internet.”
“We welcome the clarity that today's decision brings to both websites and providers of plugins and similar tools,” Gilbert said. “We are carefully reviewing the court's decision and will work closely with our partners to ensure they can continue to benefit from our social plugins and other business tools in full compliance with the law.”
Fashion ID did not immediately respond to request for comment.
*****
Caroline Spiezio covers the intersection of tech and law for Corporate Counsel, an ALM sibling of Cybersecurity Law & Strategy. She's based in San Francisco. Find her on Twitter @CarolineSpiezio.
This premium content is locked for Entertainment Law & Finance subscribers only
ENJOY UNLIMITED ACCESS TO THE SINGLE SOURCE OF OBJECTIVE LEGAL ANALYSIS, PRACTICAL INSIGHTS, AND NEWS IN ENTERTAINMENT LAW.
- Stay current on the latest information, rulings, regulations, and trends
- Includes practical, must-have information on copyrights, royalties, AI, and more
- Tap into expert guidance from top entertainment lawyers and experts
Already a have an account? Sign In Now Log In Now
For enterprise-wide or corporate acess, please contact Customer Service at [email protected] or 877-256-2473
Overview of Regulatory Guidance Governing the Use of AI Systems In the Workplace
Businesses have long embraced the use of computer technology in the workplace as a means of improving efficiency and productivity of their operations. In recent years, businesses have incorporated artificial intelligence and other automated and algorithmic technologies into their computer systems. This article provides an overview of the federal regulatory guidance and the state and local rules in place so far and suggests ways in which employers may wish to address these developments with policies and practices to reduce legal risk.
Is Google Search Dead? How AI Is Reshaping Search and SEO
This two-part article dives into the massive shifts AI is bringing to Google Search and SEO and why traditional searches are no longer part of the solution for marketers. It’s not theoretical, it’s happening, and firms that adapt will come out ahead.
While Federal Legislation Flounders, State Privacy Laws for Children and Teens Gain Momentum
For decades, the Children’s Online Privacy Protection Act has been the only law to expressly address privacy for minors’ information other than student data. In the absence of more robust federal requirements, states are stepping in to regulate not only the processing of all minors’ data, but also online platforms used by teens and children.
Revolutionizing Workplace Design: A Perspective from Gray Reed
In an era where the workplace is constantly evolving, law firms face unique challenges and opportunities in facilities management, real estate, and design. Across the industry, firms are reevaluating their office spaces to adapt to hybrid work models, prioritize collaboration, and enhance employee experience. Trends such as flexible seating, technology-driven planning, and the creation of multifunctional spaces are shaping the future of law firm offices.
From DeepSeek to Distillation: Protecting IP In An AI World
Protection against unauthorized model distillation is an emerging issue within the longstanding theme of safeguarding intellectual property. This article examines the legal protections available under the current legal framework and explore why patents may serve as a crucial safeguard against unauthorized distillation.