EU says sites using Facebook's Like button are responsible for your data

They might have to seek your permission before sending information to Facebook.

The highest court in the EU has issued a ruling that affects websites using Facebook's Like button plugin. It determined sites should obtain the consent of visitors before the plugin captures and sends their data to Facebook, whether or not you click the Like button. Alternatively, sites will have to prove there's a legitimate reason for collecting data and transmitting it to Facebook.

The Court of Justice of the European Union (CJEU) ruling emerged after a German consumer group sued a company called Fashion ID. The group claimed the retailer breached rules regarding personal data protection through the use of the Like button. A German court requested guidance from the CJEU.

"The consequence of embedding that button appears to be that when a visitor consults the website of Fashion ID, that visitor's personal data are transmitted to Facebook Ireland," the CJEU said. "It seems that that transmission occurs without that visitor being aware of it and regardless of whether or not he or she is a member of the social network Facebook or has clicked on the 'Like' button."

The sites share liability with Facebook for data captured and transmitted this way. However, they're not responsible for what Facebook then does with the data.

As a result of the ruling, Facebook might have to tweak how the Like button works. You might start to see more sites ask for explicit permission to transmit your data via the Like button, in a similar way to how they ask you to confirm your cookie preferences now.

"We are carefully reviewing the court's decision and will work closely with our partners to ensure they can continue to benefit from our social plugins and other business tools in full compliance with the law," Facebook's associate general counsel Jack Gilbert told Reuters.