Monday 29 July 2019 4:30 pm

Dislike: EU warns websites they're responsible for data leaked via Facebook's like button

Third-party websites are now jointly responsible for processing people’s data if they embed Facebook’s so-called like button, the EU’s foremost court ruled today.

The European Court of Justice’s ruling means websites must now either gain people’s approval for this activity or prove they have a legal basis for processing this data.

Read more: France, US and UK warn Facebook over libra cryptocurrency

The button automatically transfers people’s data to Facebook on webpages running the plugin.

That means sites may have to rethink how the plugin works before users have agreed to their data being shared with the social network.

The ECJ made its decision after a German consumer protection group brought a complaint against online retailer Fashion ID in 2015 for automatically sharing people’s data in this way.

It ruled that Fashion ID also held responsibility for people’s personal data alongside Facebook under EU rules introduced in 2018.

“Those processing operations appear to be performed in the economic interests both of Fashion ID and of Facebook Ireland, for whom the fact that it can use those data for its own commercial purposes constitutes the consideration for the benefit to Fashion ID,” the court said.

Today’s ruling tallies with an ECJ decision last year concerning Facebook fan pages, in which both administrators and the social networks hosting such pages can be responsible for users’ privacy.

However, Tanguy Van Overstraeten, global head of data protection at Linklaters, said the ruling could hurt web-based businesses.

“This is a very broad interpretation which is likely to seriously impact a large number of website operators and potentially also have implications for business models on the internet,” he said.

“This impact is all the more important as the level of awareness and understanding of these rules are likely to considerably vary among operators.”

Read more: Facebook beats estimates despite $5bn privacy fine

Nils Rauer, a partner at law firm Pinsent Masons, told Reuters the ruling would compel website administrators to “pay more attention to the embedding process, by way of obtaining dedicated data privacy advice”.

Jack Gilbert, Facebook’s associate general counsel, said: “We are carefully reviewing the court’s decision and will work closely with our partners to ensure they can continue to benefit from our social plugins and other business tools in full compliance with the law.”

Main image credit: Getty