On July 29, the Court of Justice of the European Union (ECJ) found that website operators are liable for data protection violations that arise from the use of third-party widgets and plug-ins, such as Facebook’s “Like” and “Share” buttons. The case (C-40/17) was brought against a German online retailer Fashion ID that shared data with Facebook through a “Like” button embedded on its site. The ECJ held that publishers can be data controllers jointly with Facebook, and other similar plug-in creators, when using such widgets, and therefore liable for violations of the EU data protection rules. Publishers embedding social plug-ins must therefore seek user consent for the data transfer. The European General Data Protection Regulation (GDPR) came into force in May 2018 and sets stringent data protection standards for companies operating in Europe. Read more about the decision here.
Members of the News Media Alliance staff have contributed to this post.