Placing the Facebook like button on your website means your site will transfer certain personal data to Facebook about your website visitors. This happens even if they didn’t click the like button and irrespective of whether they’re a Facebook user.
The reason you would include the like button would be to get more visitors and sales through the pull of Facebook. There’s a shared commercial interest.
The European court has ruled in the Fashion ID case, a referral from the German court, that the website owner is a joint data controller with Facebook.
To comply with GDPR, website owners must make clear to visitors the types of data that will be passed to Facebook and what types of processing Facebook will do. Website owners will, of course, have no control over how Facebook then uses the data. That’s fine, because they’re not responsible for how Facebook uses it; their responsibility is just to tell visitors the uses Facebook has actually declared.
The difficulty for website owners is that they might not be aware of the data transfer they’re enabling, or that they have responsibilities for it. Given all we know about Facebook’s use of personal data, you should assume that every time you offer Facebook functionality on your website, Facebook will get user data.
We wait to see the detail and how the German court will apply the ruling, but there are already lessons to learn:
- Choose wisely which third-party content to include on your website
- Read the third-party terms for that content. Those third parties should make this data transfer clearer too
- Assume the third party will get the data
- Ideally the visitor should be able to control this data transfer, just as they should be able to control cookies
- Ideally Facebook should make this data transfer clearer too
Still unsure? Get in contact with me.