EU advisor: Site with like button Facebook is jointly liable for data processing

A website operator who uses a third-party plug-in on its website with which personal data of the website visitor is collected and forwarded would be jointly responsible with this third party for the processing of personal data.

Michal Bobek, Advocate General of the European Court of Justice, advises the EU Court to establish this legally in accordance with the General Data Protection Regulation. The joint liability of the website operator is limited to the purposes or means of the data processing on which he himself has influence. This means that the administrator is not responsible for earlier or later stages of the ‘processing chain’ that he cannot determine himself.

This advice concerns an ongoing lawsuit about Fashion ID, a German online store that trades in fashion items. This website uses the Facebook like button. As a result, when an internet user visits, information about the IP address and other data is automatically forwarded to Facebook. The forwarding of the information takes place regardless of whether the like button is actually clicked. That is against the sore leg of a German consumer organization, which has launched a campaign to ban Fashion ID. This organization believes that the website with the Facebook plugin infringes the General Data Protection Regulation, which came into effect in May.

The Advocate General advises the Court to determine that the website visitor must give consent where necessary and that the administrator is obliged to provide the visitor with the required minimum information. Bobek does not take a position on the question of whether the processing of the personal data was lawful in this case; that judgment is up to the Court. The Advocate General’s advice is not binding, but is often considered weighty and is therefore adopted in many cases by the European Court of Justice.