The Facebook Like Button Is Not as Innocent as It Seems


The ubiquitous Facebook Like button you encounter on almost every website is not as innocent as it appears to be. It has far-reaching privacy effects that are not immediately visible to your site’s visitors. With the latest ruling by the European Court of Justice, business websites should be extra careful.

The European Court of Justice (ECJ) Ruling on the Facebook Like Button: It is all about accountability.
An ECJ ruling on July 29, 2019, based on the GDPR (General Data Protection Regulation), states that website operators should obtain users’ consent before they transmit any data through the Facebook Like Button. The case in question involved the German retailer Fashion ID, whose e-commerce website displayed the Facebook Like Button on its web pages. The button was used to collect the site visitors’ personal data and transmit it to Facebook’s European headquarters in Ireland.

Surprisingly, the tracked data also covered non-Facebook members, and it was transmitted even if the visitors didn’t click on the button. The court ruled that both the Fashion ID website and Facebook are responsible, and that Fashion ID is now considered a controller. This ruling is alarming for any entity that operates websites for business purposes, especially B2C business organizations. “Fashion ID can be considered to be a controller jointly with Facebook Ireland in respect of the operations involving the collection and disclosure by transmission to Facebook Ireland of the data at issue…” the judges said.

Data-hungry Script

With nearly 2.41 billion users on Facebook, the Like Button seems to be the ideal option to share and engage with web content on social media. However, it is much more than just a button. It is JavaScript code that is loaded into the browser on the client side and enables websites to track and share their visitors’ data. The JavaScript snippet collects whatever personal information is available from the visitor and sends it to Facebook. Facebook Pixel, which is also code inserted into web pages, works in a similar way. In this case, websites are obliged to exercise due diligence and handle the user’s private information in accordance with the European privacy regulations.

Not that Innocent: An Unsafe World

The Facebook Like Button can do much more than just sharing. Once the user lands on the website, irrespective of whether he/she hits the Facebook Like Button or not, it starts tracking the user’s data and sends it to Facebook. The data it aggregates includes the user’s physical IP address, location data, browser information, screen resolution, etc. But as we noted, the absurd thing is that the data is transmitted even if the user is not a Facebook member. And if the user is indeed an active member, the actions could have far-reaching consequences. Every item within the user’s social media profile is at risk of being exposed publicly. The accountability is not only on Facebook’s end; it is also on the end of the business organization that runs the website.

Organizational Responsibilities

The ECJ ruling has changed everything, and the GDPR has thus become a more significant challenge to websites. So, what should we expect next?

Websites that use such social media plugins and widgets must seek explicit user permission before transmitting data to the social platform, irrespective of whether users click the button or not.

Businesses and/or enterprises that operate websites have to prove they have a legitimate reason for collecting and transmitting the data.

Websites are expected to notify their visitors of what these remote or third-party tools can do. As an example, Facebook might be using the tracked data for marketing and research purposes without the user’s consent, which should be obtained on the website they visit.

The toughest part of the ruling is that it cannot be appealed anywhere. The decision is binding on everyone.

Remember, what you see is not what you get. A button is not only a button, and an image is not only an image. It is code that runs in the user’s browser and tracks data.
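
One way to meet the consent-before-transmission requirement described above is to render a local placeholder and inject the third-party script only after the visitor opts in. The following is an added example, not code from the original article or from Facebook; the script URL, the storage key and the function names are placeholders chosen for illustration.

```javascript
// Added example: consent-gated loading of a third-party social widget.
// WIDGET_SRC is a placeholder URL, not a real vendor endpoint.
const WIDGET_SRC = "https://widgets.example/like.js";
const CONSENT_KEY = "consent.social-widgets"; // hypothetical storage key

// True only if the visitor granted consent on this or an earlier visit.
function hasConsent(storage) {
  return storage.getItem(CONSENT_KEY) === "granted";
}

// Injects the third-party script. This is the first moment the browser
// contacts the vendor, so the IP address and browser information
// mentioned in the article are sent from here on, not before.
function loadWidget(doc, src) {
  if (doc.querySelector(`script[src="${src}"]`)) return false; // already loaded
  const script = doc.createElement("script");
  script.src = src;
  script.async = true;
  doc.head.appendChild(script);
  return true;
}

// Renders an inert, locally served placeholder button. Nothing is requested
// from the vendor until the visitor clicks it or consent is already stored.
function mountConsentGate(doc, storage, container, src = WIDGET_SRC) {
  if (hasConsent(storage)) {
    loadWidget(doc, src);
    return "loaded";
  }
  const btn = doc.createElement("button");
  btn.type = "button";
  btn.textContent = "Enable social buttons (sends data to a third party)";
  btn.addEventListener("click", () => {
    storage.setItem(CONSENT_KEY, "granted"); // record the explicit opt-in
    container.removeChild(btn);
    loadWidget(doc, src);
  });
  container.appendChild(btn);
  return "placeholder";
}

// Lets the visitor withdraw: the next page view shows the placeholder again.
function withdrawConsent(storage) {
  storage.removeItem(CONSENT_KEY);
}
```

In a page this would be called as `mountConsentGate(document, localStorage, document.getElementById("social"))`, with the vendor's embed markup removed from the static HTML so that no request is made on page load.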

Be Safe, Be Secure

Already in the dock with a deluge of GDPR-related cases, Facebook has been reported to have welcomed the decision and stated that it would do everything to comply with the ECJ ruling.

As per the verdict, no website shall hereafter collect or transmit personal data without the permission of the customer.

Websites are also expected to verify that the Facebook Like Button and similar widgets like Facebook Pixel, or even other social media icons like Twitter, Instagram or LinkedIn, for that matter, are explicitly mentioned, along with their technicalities, in the privacy policy of the web pages they appear in, as directed by GDPR.
