A German court ruled on Wednesday that the transfer of data to Facebook by websites via the ‘Like’ button without user consent infringes German and European Union privacy laws.
The consumer association of the state of North Rhine-Westphalia sued two e-commerce websites over the transfer of data to Facebook using “Like” buttons.
The Dusseldorf court ruled that the companies must inform users that clicking the ‘Like’ button may mean that their IP addresses are transferred to Facebook.
The consumer organization said the button is used by Facebook to install software on computers. It argued that this can be used to compile a profile of the user whether they have a Facebook account or not. This happens via a cookie, which is placed on the user’s computer and enables the data transfer. A transfer of data may even occur without user interaction with the ‘Like’ button.
A spokesperson for Facebook said the case is ‘specific to a particular website and the way they have sought consent from their users in the past.’
The verdict could have repercussions for all companies which use the ‘Like’ button in Germany and across the EU.
EU Cookie Law
The EU has long had what is known as the Cookie Law – the Directive on Privacy and Electronic Communications. Websites operating in the EU are required to obtain consent from visitors to store or retrieve any information from them or their devices.
The directive was designed to protect online privacy by requiring online services to make users aware of how information about them may be collected and used, and to give them a choice over whether or not to allow this data transfer.