Europe’s top court ruled against social plug-ins; here’s why

RapidVPN/ September 5, 2019/ Blog/

When you surf across the internet, the Facebook Like button in nearly unavoidable. If you visit any website you are highly likely to see the Facebook Like button which encourages you to share the “like” with your Facebook friends and family. However, after a sequence of events, the European Court of Justice (ECJ), which is the top court in Europe, may rule to put an end to the era of social media “like”. The recent events paved the way for a decision that the website operators need to seek out the consent of users before they transfer any personal data via the Facebook like button.

It became easier than ever to add social media sharing buttons to a website. When there are no proper safeguards in place for social plug-ins, it is most likely that the users may be unknowingly sharing all of their personal info with a bunch of digital advertisers, or third-party data brokers.

The ruling for a need of the permission before adding the “like” button started with a case in Germany, involving the German fashion retailer Fashion ID. When the case was given into the investigation, it appeared that the second that a user landed on the page of the e-commerce retailer, data was immediately sent to Facebook. Even in cases when the users did not have the Facebook accounts, Fashion ID was sending the info to Facebook of a user such as the physical address of the user or any other potentially identifying information. In the cases when the users of a retailer had Facebook accounts, it was even worse, all of the information of the users included into Facebook media profile were sent to the Facebook social network.

The main reason for the Court of Justice of the European Union to side against Fashion ID was that the company was using the Facebook like button for the commercial gain. Anytime the “like” button was pressed, a mini-ad was sent to all of that user’s friends and followers, in which they were informed about this fashion retailer. In this way, Fashion ID was selling more products.

The European Court of Justice ruled that the operator of a website could be considered a “data controller” under the terms and conditions that were outlined in the 2018 General Data Protection Regulation (GDPR). In this case, a “data controller”, must seek out the consent and explicit permission of its users. In a case when the “like” button is showing on any website, that that very website is liable for any kind of data that has been transferred from that data to Facebook. The only good news for the operators was that once the data resided within Facebook’s data – they had no further responsibility.

In order to remain on the good side of regulators and legislators, and to show that all of their social media tools comply, Facebook welcomed this change. They noted that the company “welcomed the clarity” that was brought by the decision involving a data transfer to Facebook, and furthermore suggested that they would do anything possible to comply with the rule. It has a lot to do with this decision being non-appealing, which means that Facebook could not fire the counter-attack. It is simply better to comply with the rule and to work closely with its partners in order to avoid further misfortunes.

The easiest way for Facebook would be to ask each website operator which uses Facebook like to ask for consent, in the same way, the users are asked for collecting cookies when the browse through various pages. Maybe some form of a consent pop-up window would be the best possible solution but it comes with the possibility of degrading the overall online user experience. Nobody wants to answer a bunch of questions every time they use a website. What if a Facebook like comes with a very confusing menu of privacy options? However, for their websites to embed the “like” button, website operators will have to comply with some sort of this process.

The main reason for this in a way the disastrous rule is that all that matters is that the “like” button is somewhere on the page users are browsing through, it will automatically trigger the need to obtain consent. The confusion of the user is guaranteed – you’ve logged out of your Facebook account but you are being asked if it’s OK if Facebook still collects your data. Furthermore, the potential problem for all of the website operators lies in the responsibility of theirs to show the reason for collecting and transmitting data to Facebook.

All of this makes one question pop into the mind – what is the future of Facebook like button? Maybe Facebook will indeed face the gradual rollback of its presence across the web. If the “like” button goes into history, everything may go downside. What is certain is that the users are nowadays more aware that they have to protect themselves from prying eyes and they will not allow a simple button ruining their privacy.

Source: Society for Computers and Law