EU court rules websites liable for secretly sending user data to Facebook

Cal Jeffrey


The Court of Justice of the European Union found that websites containing Facebook’s Like widget send browsing data to the social media giant whether the user clicks the widget or not.

This data sharing violates Europe’s General Data Protection Regulation (GDPR). The ruling does not demand that sites stop using these APIs, but a website must obtain consent from users before the information is sent. Currently, the tool sends data as the page loads. By the time a user realizes the site has a Like button, it has already transmitted the information to Facebook, leaving the visitor no way to opt out.

From now on, websites will have to get permission before sending browsing data, even though they are not actively involved in handling it. There is no way to do this with the current plugin without removing it entirely. Facebook developers will likely have to change the widgets' code to comply.

The ruling comes after a lawsuit against the online clothing store Fashion ID. Even though the website was not in active control of the data, the court ruled that its owners could still be held responsible for transmitting the information to Facebook.

"Website plugins are common and important features of the modern Internet. We welcome the clarity that today’s decision brings to both websites and providers of plugins and similar tools."

“Fashion ID’s embedding of the Facebook ‘Like’ button on its website allows it to optimize the publicity for its goods by making them more visible on the Facebook social network,” the court said in a press release.

Since this information is used to make Fashion ID more visible on the platform, it is gaining a commercial and financial benefit on the back of the consumer’s data.

Facebook’s Associate General Counsel Jack Gilbert responded to the ruling saying that the company appreciated the “clarity” the decision brought to the situation.

“We are carefully reviewing the court’s decision and will work closely with our partners to ensure they can continue to benefit from our social plugins and other business tools in full compliance with the law,” Gilbert said in a statement to TechCrunch.

Users can expect to see changes not only in how the plugins work, but also in how websites notify them of the widget’s data collection. We’ve already seen a marked increase in the notices the GDPR requires sites to show visitors. If the trend continues, we might have a whole page of consent notifications to read before getting to the actual meat of the website.

Image credit: Hadrian via Shutterstock


 

GregonMaui

I have a feeling a whole bunch of new info-stealing claims are going to surface soon. I am a beta tester in iOS 13 and macOS Catalina, which have enhanced app permissions. The number of apps asking to have access to stuff they shouldn't want is amazing: Bluetooth (even when there is no Bluetooth function in the app), system events (Google), screen recording (Google), full disk access (Google Chrome). I love app permissions, but why are the sneaky hobittses trying to get this anyway?
 

Bullwinkle M

I "LIKE" your comment

Now sending your data to Facebook!
 

PurpleYoda

So what happens if you don't give Chrome access to your HDD? I mean, it needs to store cache, but otherwise what? And will it run at all, or will it crash?
 

jpuroila

I mean, a browser DOES need disk access if you want to use it to do things like upload images...
 

Graloc25

Maybe a USB drive to facilitate, then wipe it when you're done; that should stuff their spyware.