Pexels 2019, Photo: Pixabay
The Court of Justice of the European Union decided last Monday that websites which are using Facebook’s “Like” button should inform their visitors that Facebook will have access to their personal data. Otherwise, they will be held responsible for data breaching jointly with the US tech giant since the data are transmitted to the latter at the moment the site loads regardless of the visitor clicking on the button or has an account on Facebook.
This ruling clearly creates concerns to businesses which could face changes in the way they work; a year after the implementation of the General Data Protection Regulation (GDPR) rules. As it seems, Facebook is not anymore the only one to be blamed but companies using its plug-ins and tools risk facing fines and sanctions. The same of course would apply for the rest of social media companies which offer their plug-ins in order for the firms to be advertised via their platforms.
Background
The decision of the EU Supreme Court came after Verbraucherzentrale NRW, a German public-service association, which criticized Fashion ID in 2015 for transmitting to Facebook personal data of visitors to its website without their consent. Fashion ID, a German online clothing retailer, embedded on its website the Facebook ‘Like’ button which had as a consequence that when someone visits the website of Fashion ID, her personal data are transmitted to the social media company immediately without even having clicked on the button.
In this case, the European Court of Justice (ECJ) found that Fashion ID can be considered to be a controller jointly with Facebook referring to the operations “involving the collection and disclosure by transmission to Facebook Ireland of the data at issue, since it can be concluded that Fashion ID and Facebook Ireland determine jointly the means and purposes of those operations”. Since Fashion ID is benefiting from this button optimizing the publicity for its goods and thus gaining economic and commercial advantage, it can be considered as a joint controller and responsible for not having the visitors’ consent, according to the court. However, Fashion ID cannot be considered to be a controller regarding the operations processed by Facebook after those data have been transmitted to the latter.
Therefore, both companies have to ask for user’s permission, have a privacy policy and ensure that data are stored in respect with the privacy legislation rules.
Facebook’s response
Facebook representatives responded to this stringent decision by confirming that they will make sure that the tools of the tech giant are in line with the EU privacy laws. More specifically, Facebook’s associate general counsel Jack Gilbert said in a statement: “Website plugins are common and important features of the modern internet. We are carefully reviewing the court’s decision and will work closely with our partners to ensure they can continue to benefit from our social plugins and other business tools in full compliance with the law.”
However, it is very difficult and vague to ensure that the user’s private data such as the IP address and browser string is not transferred to Facebook immediately without having clicked on the plugin buttons. How the US large corporation and the rest social media and networking companies can prove that? Businesses, from small start-ups and non-profits to huge conglomerates, would have to adapt to this ruling which would cost them time and money. The advantage that a company might have from a social media “Like” or “Share” can be broadly interpreted and can alter the business model of many websites in order to align with this. Even if this case was referring only to the Facebook “Like” button, it might be expanded to the rest og tools and features of all the social media companies.
Bitkom, a German trade federation for online businesses, said that this decision “would heap costly bureaucracy on firms without enhancing consumer protection”.
BEUC welcomes ECJ ruling
The European Consumer Organisation BEUC welcomed the decision of the EU top court to protect the private data of the internet users and outlined the importance of the ability of every user to be informed and provide its consent for the data used by the internet companies. In detail, Monique Goyens, Director General of BEUC, stated: “As a result of this case, companies that embed this ‘like’ button on their website cannot hide behind Facebook any longer. The decision therefore underlines the right for internet users to always get information on what data are collected and how they are used by websites”.
The next day for EU websites
How ECJ’s decision is going to influence European websites which use the social media tools to be advertised or just to become more popular? It could be that they choose to delete all those plugins in one night or leave them as it is and risk being fined or create a mechanism which will be asking the user to provide her consent for the data to be transmitted to Facebook or any other social media before the website even loads. Therefore, as GDPR forced all companies to comply with, this ruling will certainly make companies consider changing their website.
All in all, it seems that large tech corporations cannot be totally handled by regulators and judges as far as the data privacy breaches are concerned. Consequently, the companies which use the features of social media are now treated like sitting ducks. Why should a tiny website pay for the ineffectiveness of regulators to make the giant (Facebook) abide by well established data privacy rules? Surely, protecting the fundamental rights and freedoms of persons and in particularly their right to privacy regarding the processing of personal data is crucial. However, creating extra costs again and again to small websites because Facebook is untouchable is not good market practice whatsoever.
We don’t need Facebook
In fact, good news websites have their own passionate and thinking readers who may not even have a Facebook account. Thus, good and successful websites couldn’t care less about the plugins of Facebook and Twitter. Hence, given this new market polemic they might as well scrap all social media plugins overnight and that is the end of the story. The good websites, with the scope to enable greater democratic dialogues, do a favour to social media for hosting their plugins and not vice-versa. Websites and online media shouldn’t be ever treated as ping pong balls.
Instead, best of luck indeed should wished to our good regulators to tame the real responsible for Cambridge Analytica and so many data privacy breachers, who resides at Menlo Park, California.
Leave a Reply