Do you have a Facebook “Like” button on your website or anything similar from other social sharing organisations?
If you deploy Facebook’s ubiquitous “Like” button on your website you risk falling foul of the General Data Protection Regulation following a landmark ruling by the European Court of Justice.The EU’s highest court has declared that website owners can be held liable for data collection when using the so-called “social sharing” widgets
The ruling (PDF) states that employing such widgets makes the organisation a joint data controller, along with Facebook.Consequently, if you do, you must provide, at the time of collection, certain information to visitors such as, for example, its identity and the purposes of the data processing”.This decision by the ECJ also applies to services like Twitter and LinkedIn.
The case that brought social sharing widgets to the attention of the ECJ involved German fashion retailer Fashion ID, which placed Facebook’s “Like” button on its website and was subsequently sued by a consumer rights group.Fashion ID was declared to be the joint data controller and needed to obtain prior consent for the collection and transmission of data collected in this manner according to the ECJ’s judgement.
Conclusion: Using such widgets on your website is unlikely to be worth the resulting GDPR minefield and should be seriously and urgently reconsidered – and in virtually all cases they should be removed.