Blog » THE FACEBOOK “LIKE” BUTTON AND WHAT LIES BEYOND – LUXEMBOURG RULED
THE FACEBOOK “LIKE” BUTTON AND WHAT LIES BEYOND – LUXEMBOURG RULED
21 August 2019
Before the summer break the Court of Justice of the European Union made a decision in a data protection related matter which concerned Facebook as well. The decision may be interesting and useful for everybody who embeds of his website the Facebook “Like” button. In our short article we summarize the most important findings of the Court.
1. The illustrious „Like” button the webpage of Fashion ID
Fashion ID is a German online clothing retailer who embedded on his website the Like social plugin of Facebook.
Embedding the Facebook „Like” button on a webpage basically means that the personal data of the visitors of the that webpage (IP address, browser data) will be transmitted to Facebook.
In relation with the transmission of the data it is irrelevant whether the webpage visitor clicks the “Like” button or not or whether he is a Facebook member or not. That means that someone’s data will be transmitted to Facebook if he visited a webpage on which the Facebook “Like” button was embedded.
2. The consumer protection strikes back
The Verbraucherzentrale NRW, a German association tasked with safeguarding the interest of consumers could not remain indifferent to the fact that the data of the visitor of Fashion ID’s webpage will be obtained by Facebook without the knowledge of the webpage visitor.
That is why Verbraucherzentrale NRW decided to sue Fashion ID to force it to stop that practice. The first instance court party decided in the favour of Verbraucherzentrale NRW but Fashion ID appealed the decision, furthermore Facebook also intervened in the appeal.
In the appeal procedure the court decided that it is necessary for the Court of the European Union to decide in certain data protection related matters thus he requested a preliminary ruling.
3. The main data protection related question and the decision of the Court
The most important data protection related question of the case was whether the operator of a webpage who embeds on his webpage a social plugin which transmits data to the provider of that social plugin can be considered as controller despite that he is unable to influence the processing of the data transmitted.
When examining the question, the Court divided the data processing activities into to categories: to the data processing until the transmission and after the transmission of the data to Facebook. it can be established that after the transmission of the data Fashion ID does not have any influence on the data processing. By contrary, in relation with the collection of the data by the webpage and their transmission to Facebook it may occur that Fashion ID determine the purposes of the processing jointly with Facebook.
Indeed, embedding the “Like” button may provide more publicity to Fashion ID while it may be beneficial to Facebook that he may be able to use the collected data for his commercial purposes. This means that the data processing is carried in the economic interests of both parties, for their jointly determined purpose which could be the basis of them being joint controllers. Further, the fact that Fashion ID does not have access to the collected and transmitted data does not preclude him from being a controller.
4. What are the consequences of being joint controllers?
Given the fact that in relation with the collection and transmission of the personal data to Facebook Fashion ID could be considered as a (joint) controller, by the time of the collection of the data he shall inform the webpage visitors about the data processing activities.
This is particularly important since those people can also visit Fashion ID’s webpage who are not members of Facebook and do not have a Facebook account. Regarding those people the liability of Fashion ID as the webpage operator is even higher.
In fact, basically it is Fashion ID who is in the position to inform the data subjects about the circumstances of the data processing by placing a privacy notice on his webpage and especially about the fact that the mere consulting of the webpage will result in a data transmission to Facebook.
5. Lesson learnt
The basic lesson is that the capacity and liability of (joint) controllership can be based on the joint determination of the processing purposes, for example the common economic interest of the controllers. The capacity of being a controller is independent of the fact whether the controller has access or not to the data.
In brief: if you have influence on the purpose of the processing you may be considered as a controller even if you do not store or do not have access to that data.
As a rather specific lesson you should bear in mind that in case you embed on your webpage the Facebook “Like” button you may be considered as a joint controller together with Facebook and you need to inform the visitors of your webpage that their data will be transmitted to Facebook.
CAN THE CHOICE OF COURT AMOUNT TO THE CHOICE OF LAW? – THE SUPREME COURT DECIDED
Shall it be considered as the choice of the English law if the party first starts a litigation in England regarding to a Hungarian project? How much of a role do the procedural acts of the parties play in relation to the choice of law applicable to a contract? In this article we analyse the fresh judgement of the Supreme Court, in which, among others, the highest court addressed the issue of the tacit choice of law.Read more »
TEMPORARY EMPLOYMENT AT DIFFERENT EMPLOYER IN HUNGARY – NEW LEGAL RELATIONSHIP?
What are the main risks if you employ your staff at different employer, within or outside the company group? Is that a new legal relationship, is remuneration payable for that, or the “good old” labour contract can cover this situation? In a recent judgement the Hungarian Supreme Court Curia addressed these questions. In our short article we analyse the judgement and summarize what you as an employer should consider if you would like to temporary reassign your employee.Read more »
OVERVIEW OF THE TRAVEL RESTRICTIONS TO HUNGARY FROM 1st SEPTEMBER 2020
Travel restrictions to Hungary (“Travel Restrictions”) can be regulated on unilateral, bilateral or multilateral level. So far, we have knowledge about one unilateral and three bilateral travel restrictions adopted by the Hungarian government, so this overview will be focused on these. However, given the fast-changing nature of the situation, it can be the case that more bilateral agreement will be adopted, that change the current legal environment.Read more »