Website operators are liable for data processing of like buttons

To the German Version of the website.

Just call!

03322 5078053

Website operators are liable for data processing of like buttons

As early as the end of last year, I had reported that the Advocate General of the ECJ had recommended that the Court of Justice decide that a website operator, together with Facebook, would be liable for data breaches of like buttons(see this post).

As is so often the case, the ECJ has today endorsed this view.

In its judgment, the Court first of all makes it clear that the old Data Protection Directive does not preclude the fact that associations in order to safeguard consumer interests are allowed to defend against the alleged infringer of rules on the protection of personal data. bring an action.

The Court points out that the new General Data Protection Regulation now expressly provides for this possibility.

The Court then finds that a website operator does not appear to be liable for the data processing operations carried out by Facebook Ireland after the data was transmitted to it. At first sight, it seems impossible for the latter to decide on the purposes and means of those transactions.

Auch interessant: Defend yourself against IGD warnings?

On the other hand, the operator may be regarded as jointly responsible with Facebook Ireland for the operations of the collection of the data in question and their forwarding by transmission to Facebook Ireland, since (subject to the verification) can be assumed that the website and Facebook Ireland jointly decide on the purposes and means.

The reason for this is that the user of the Like button is given the opportunity to optimize his own advertising by making it more visible on the social network Facebook when a visitor clicks on the button.

In order to be able to benefit from that economic advantage, which consists of such improved advertising, the supplier at least tacitly consents to the
collection of personal data of visitors and their disclosure by
transmission. In doing so, these processing processes are carried out in the economic
interest of both the website operator and Facebook Ireland.

However, in the case in which the data subject has given his consent, the data subject must only be obtained for the transactions for which the operator is (co-)responsible, i.e. the collection and transmission of the data.

Marian Härtel

Marian Härtel is a lawyer and entrepreneur specializing in copyright law, competition law and IT/IP law, with a focus on games, esports, media and blockchain.

0 0 votes

Artikelbewertung

0 Kommentare

Inline Feedbacks

View all comments

Information regarding Translations This Blog has more than 750 Blogposts that were posted in German. Thus I decided to provide an automated translation by Deepl.com for all the content. If you find anything awkward, pleas report it through the tool on the left hand side. As a lawyer, I do provide legal consultation in Europe and Germany in English and due to my time in the USA and my job history, I am able to provide contract drafting and contract consultation in business English.