A ruling by the highest court in the European Union regarding the common practice of putting a Facebook “Like” button on a website could have repercussions for American companies doing business overseas.
In late July, the Court of Justice of the European Union ruled that the owner of a website is jointly responsible, with Facebook, for any data that is shared with the social media giant by embedding a social media plugin, such as Facebook’s “Like” button. This means that websites must now get explicit permission to share information with social media sites and show they have a clear business reason for collecting and sharing data. While the website is responsible for protecting the data while it is transmitted to the social media site, the courts did find these websites are not liable for what Facebook and social media sites do with the data.
The decision stems from a lawsuit a German-based consumer protection group filed against a German online fashion retailer, alleging that the personal data of visitors to the website was being shared with Facebook regardless of whether or not they clicked on the “Like” button. While this lawsuit was specifically about Facebook, the court decision applies to any information transmitted to a social media site through a plugin.
While this decision was rendered pursuant to the former Data Protection Directive, a predecessor regulation to the General Data Protection Regulation (GDPR) enacted by the European Union last year, it serves as a clear reminder of the European Union’s belief that data privacy is a fundamental right of all European citizens. American businesses should not ignore this deeply held conviction and should take steps to ensure they do not run afoul of European privacy laws when doing business in the European Union.
The first question to consider when evaluating if this ruling by the Court impacts you is, are you advertising to residents of the European Union? While websites are global, if your key customer base is local and you are not actively directing sales or services to the European Union, you probably do not need to worry about this ruling. However, if you target a European audience with your advertising, marketing and website, this ruling will likely impact you, even if your company is based in the United States.
This ruling does not mean you need to instantly remove Facebook’s “Like” button or other social media plugins from your website entirely. Instead, companies that are actively marketing to customers in Europe should start by ensuring the plugin is integrated with their site in a way that communication with the social media company only takes place when a consumer clicks on the plugin button, and not whenever someone browses the website. It is also important that businesses understand what data Facebook and other social sites are collecting from these plugins and how that data is being used. Without this knowledge, it is virtually impossible to appropriately inform users about the data processing that takes place through the use of the plugin and to articulate a legitimate basis for processing the data.
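A static check for the integration described above, added here as an example and not taken from the article or from Facebook: it lists the social-plugin resources a page would request on page view, before any click. The host list, the function and class names, and both sample pages are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Illustrative host list (an assumption, not from the article); extend it
# to cover every social plugin your site actually embeds.
SOCIAL_HOSTS = ("facebook.com", "facebook.net", "twitter.com", "linkedin.com")
# Tags whose src attribute makes the browser fetch the URL on page view.
EAGER_TAGS = {"script", "iframe", "img"}

class EagerPluginFinder(HTMLParser):
    """Collects social-plugin URLs the browser requests without any click."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in EAGER_TAGS:
            return
        url = dict(attrs).get("src")  # data-src and <a href> are not fetched
        if not url:
            return
        host = (urlparse(url).hostname or "").lower()
        if any(host == h or host.endswith("." + h) for h in SOCIAL_HOSTS):
            self.findings.append((tag, url))

def eager_social_requests(html):
    """Return (tag, url) pairs that contact a social host on page load."""
    finder = EagerPluginFinder()
    finder.feed(html)
    return finder.findings

# Constructed sample: plugin loads for every visitor, clicked or not.
EAGER_PAGE = """<html><body>
<script async src="https://connect.facebook.net/en_US/sdk.js"></script>
<iframe src="https://www.facebook.com/plugins/like.php?href=https%3A%2F%2Fshop.example%2F"></iframe>
</body></html>"""

# Constructed sample: a local placeholder button; the plugin URL sits in
# data-src and is only loaded by first-party script after the visitor clicks.
GATED_PAGE = """<html><body>
<button class="social-consent"
  data-src="https://www.facebook.com/plugins/like.php?href=https%3A%2F%2Fshop.example%2F">
  Enable Like button</button>
<script src="/static/click-to-load.js"></script>
</body></html>"""

if __name__ == "__main__":
    for name, page in (("eager", EAGER_PAGE), ("gated", GATED_PAGE)):
        print(name, eager_social_requests(page))
```

A static scan cannot see requests that first-party scripts start at runtime, so confirm the result in the browser's network panel with a fresh session and no clicks.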
With Facebook, other social media and websites facing increased scrutiny in regard to their data collection and privacy practices in recent months and the European Union taking a tougher stance on data privacy as well, this case serves as another reminder that all businesses need to be aware of what data they are collecting, who they are sharing it with and how all data is being used.