Facebook’s ‘Like’ button might not seem to be one of the internet’s most complex tools, but there is more to the little upturned thumb than meets the eye. Website plugins such as the ‘Like’ button are a common feature of online retail, as companies seek to promote their products on popular social media networks, but critics fear that the data transfer may breach privacy laws.
Recently, in case C-40/17 Fashion ID, the Court of Justice of the European Union (ECJ) said that companies that embed Facebook’s ‘Like’ button on their websites must seek users’ consent to transfer their personal data to the U.S. social network, in line with the bloc’s General Data Protection Regulation. The data of visitors to the website was being transferred back to Facebook without their knowledge, even if they hadn't clicked the button or weren't members of the social network, the court found.
“We are carefully reviewing the court’s decision and will work closely with our partners to ensure they can continue to benefit from our social plugins and other business tools in full compliance with the law,” Jack Gilbert, Facebook’s associate general counsel, said in a statement.
Verbraucherzentrale NRW, the German consumer protection group which took Fashion ID to court, welcomed the ruling. “Companies that profit from user data must now live up to their responsibility,” its head Wolfgang Schuldzinski said.
The decision by the ECJ in the Fashion ID Case means that in the future, all websites transmitting data about European citizens back to Facebook and other social networks, whether by a Like button or any other plugin, must first get their explicit permission to do so in order to comply with strict EU data protection rules introduced last year. In accordance with Europe's General Data Protection Regulation, people must give explicit consent for their data to be collected.