Facebook’s Like button could be more hassle than its worth for European organisations navigating the minefield of GDPR legislation, following a landmark ruling by the European Court of Justice that website owners can be held liable for data collection relating to the use of the widget.
The omnipresent blue-hand is a familiar sight upon even the most cursory of glances around the internet, leaving the door open to web managers being collared by national privacy regulators as being complicit with the well-publicised failings of Facebook itself.
In their ruling the judges say the use of such widgets by any organisation amounts to being a joint data controller, meaning that websites "must provide, at the time of their collection, certain information to those visitors such as, for example, its identity and the purposes of the [data] processing."
The darker side of Facebook’s Like button has come to prominence in recent months on the back of a series of privacy scandals to rock Facebook, with analysts pointing out that its primary function isn’t as a digital show of support but a tool to track individuals and permit data collection beyond Facebook’s products.
This was brought to light in a case involving German retailer Fashion ID which was sued by consumer rights group Verbraucherzentrale NRW over its use of the Facebook widget which escalated to the ECJ, which has now determined that Fashion ID must be considered a data controller in terms of both the collection and transmission of data.
Under GDPR rules a ‘data controller’ is held responsible for any data protection failings.