It’s common to see the Facebook Like button on websites these days, but it may be a danger to those sites as a result of a new ruling from the European Court of Justice.
The court has decided that the website owners themselves are responsible for the data collected through the button. They are therefore also liable in cases where this data could be breached.
Given the social media giant’s infamous history regarding data protection issues, there’s good reason to be worried about the Facebook Like button. As reported by The Drum:
In their ruling the judges say the use of such widgets by any organisation amounts to being a joint data controller, meaning that websites “must provide, at the time of their collection, certain information to those visitors such as, for example, its identity and the purposes of the [data] processing.”
The darker side of Facebook’s Like button has come to prominence in recent months on the back of a series of privacy scandals to rock Facebook, with analysts pointing out that its primary function isn’t as a digital show of support but a tool to track individuals and permit data collection beyond Facebook’s products.
This was brought to light in a case involving German retailer Fashion ID which was sued by consumer rights group Verbraucherzentrale NRW over its use of the Facebook widget which escalated to the ECJ, which has now determined that Fashion ID must be considered a data controller in terms of both the collection and transmission of data.
You can read the full article here: https://www.thedrum.com/news/2019/07/30/facebook-s-button-poses-gdpr-risks-host-websites
Becoming complicit in Facebook’s data protection failings is an extremely dangerous thing to do – and considering its track record, could potentially bring certain companies to their knees. Many websites would therefore do well to completely remove the Facebook Like button.
This demonstrates how important it is to be aware of not only your own data protection processes, but also those of third-party developers and services.
You may believe your organisation to be GDPR compliant, but if you are using the services of one which isn’t, you will still be liable for any data breaches that occur as a result of their failings.
If you think this is a concern at your company, we can help. Contact us today – our GDPR consultancy services can help improve your compliance levels and reduce the data protection risks businesses face.