(CN) – Heeding a magistrate’s recommendation, Europe’s top court ruled Monday that companies that add a Facebook “like” button to their websites share responsibility for how visitor data is collected and used by Facebook.
Critical to Verbraucherzentrale’s claim, the “like” button causes Facebook to gather data on Fashion ID’s website visitors, regardless of whether the visitors click the button. The transfer to Facebook occurs automatically, even if the user does not have a Facebook account, sending along the IP address and browser string of any user who lands on Fashion ID’s website.
Back in December 2018, Advocate General Michal Bobek recommended to that Luxembourg-based European Court of Justice that Facebook and websites be held jointly responsible for the collection and transmission of user data.
The court reached a similar conclusion Monday. While a copy of the ruling is not available in English, a press release says “the operator of a website such as Fashion ID, as a (joint) controller in respect of certain operations involving the processing of the data of visitors to its website, such as the collection of those data and their transmission to Facebook Ireland, must provide, at the time of their collection, certain information to those visitors such as, for example, its identity and the purposes of the processing.”
The processing of personal data can be considered lawful, the court, added saying Fashion ID must obtain “prior consent (solely) in respect of operations for which it is the (joint) controller, namely the collection and transmission of the data.” (Parentheses in original.)
“With regard to the cases in which the processing of data is necessary for the purposes of a legitimate interest, the Court finds that each of the (joint) controllers, namely the operator of a website and the provider of a social plugin, must pursue a legitimate interest through the collection and transmission of personal data in order for those operations to be justified in that regard,” the press release continues.