German Court Rules Facebook “Like” Button Violates Consumer Data Privacy Rights

    View Authors March 2016
    A German court, Landgericht Duesseldorf, ruled on 9 March 2016 that implementing Facebook’s “like” buttons without a) explicitly and conspicuously informing the user of the website about the purpose and the use of the data to be transmitted, and/or b) obtaining consent from the user before transmitting his or her data, namely the IP address and the browser string to Facebook, and/or c) informing the user about his or her right to revoke consent with effect for the future at any time, violates German data protection law. The decision might apply similarly to other social media buttons used for LinkedIn, Twitter, Google+, etc.

    The court ruling followed a cease and desist request from the North Rhine-Westphalian Consumer Protection Association that was sent to a fashion retailer in relation to their website. The court stated that a mere link to a data protection declaration at the foot of the website was not sufficient to inform the user before his data was sent to Facebook.
    The decision is not yet final and binding. However, German Data Protection Authorities stated in 2011 that a website operator must clearly inform the users about the use of their data transferred to a social media operator.
    Following the publication of the association of all German Data Protection Authorities in 2011, the Authorities have not started to prohibit the use of the social media buttons used by thousands of companies in Germany. However, a clear legal and binding position has not yet been confirmed by German courts.