Third-party websites using Facebook’s “Like” button are responsible for processing people’s data under the European Union’s privacy rules, the EU’s top court ruled on Monday (July 29).
Companies that embed the button on their websites can be held liable for collecting users’ personal data because they are allowing the information to be transferred to Facebook, Reuters reported.
The Luxembourg-based Court of Justice of the European Union (CJEU) weighed in on a dispute after a German online fashion retailer was accused of violating EU law by embedding a “Like” plugin. A consumer association in Germany said the plugin allowed the social media company to collect data on the site’s users, the news outlet said.
According to the judgment published by the CJEU, websites are responsible for "operations involving the collection and disclosure by transmission to Facebook." The websites are not responsible for what happens to the data after it's passed to Facebook.
“We are carefully reviewing the court’s decision and will work closely with our partners to ensure they can continue to benefit from our social plugins and other business tools in full compliance with the law,” Jack Gilbert, Facebook’s associate general counsel, said in a statement.
Under the General Data Protection Regulation (GDPR), citizens have a right to decide how, when and by whom their data is used. Since GDPR was initiated in May 2018, there have been $62.6 million in fines, along with 200,000 investigations into breaches.
A New York-based data privacy software startup aims to automate data privacy and make it easier to meet GDPR compliance obligations. Ethyca raised $4.2 million in seed funding this month (July).
The EU’s supreme court, whose decisions are binding for member states, ruled that Google and other search engines do not have to abide by the EU’s “right to be forgotten.”