The use of so-called plug-ins, such as Facebook's “Like Button” and social plug-ins from comparable social media platforms, is becoming increasingly popular among companies.
According to the “Düsseldorfer Kreis,” the use of Facebook's “Like Button” and comparable plug-ins from other social media platforms currently violates data protection law. The Düsseldorfer Kreis is an informal association of the highest supervisory authorities responsible for “monitoring” data protection compliance in the non-public sector in Germany.
In a resolution dated December 8, 2011, the Düsseldorfer Kreis explicitly stated that, in its view, providers based outside the European Economic Area are also subject to German national data protection law concerning the data of data subjects in Germany, pursuant to § 1 para. 5 sentence 2 BDSG.
The Düsseldorfer Kreis holds that website operators who integrate social plug-ins on their websites or maintain fan pages within a network bear their own responsibility for the data of users engaging with these offerings. Consequently, according to the Düsseldorfer Kreis, these companies risk committing legal violations themselves if a social network provider, such as Facebook, collects user data via social plug-ins and thereby contravenes existing legal provisions, particularly data protection regulations. If a company, acting as a website operator, cannot oversee the data processing potentially occurring through a plug-in, then, in the view of the Düsseldorfer Kreis, such “plug-ins” should not be integrated into their own offerings without due consideration.
Furthermore, effective consent for the use of social plug-ins is currently likely not feasible, as it is presently unknown to Facebook and other social media platforms precisely which data is transmitted when a button, such as Facebook's, is pressed. Effective consent for the use of social plug-ins would only be possible if the user activating the plug-in were fully aware of the data being transmitted to Facebook and other social media platforms. As long as this information remains undisclosed, valid consent for the use of social plug-ins cannot be obtained. Consequently, none of the consent mechanisms currently proposed by various parties are effective.
Previously, the ULD, the Independent Centre for Data Protection of Schleswig-Holstein, had already declared Facebook's “Like Button” to be unlawful. Consequently, in a press release dated august 19, 2011, the ULD announced its expectation that all website operators in Schleswig-Holstein “immediately cease the transfer of user data to Facebook in the USA by deactivating the corresponding services.” Furthermore, all website operators in Schleswig-Holstein were advised that if this cessation was not implemented by the end of September 2011, the ULD would initiate further measures. Following the legally mandated hearing and administrative procedures, complaints could be filed against public entities, while prohibition orders and fine proceedings could be initiated against private entities and companies. The maximum fine for violations of the TMG is €50,000.00.
It is currently unknown whether other federal states outside Schleswig-Holstein will now initiate similar proceedings against website operators. However, the decision of the Düsseldorfer Kreis was not anticipated with such unequivocal clarity. Previously, it was generally assumed that the ULD held a relatively minority opinion regarding the use of “social media plug-ins.” This assumption has now been refuted by the resolution of the Düsseldorfer Kreis. Although the name of the internet platform Facebook was not explicitly stated in the Düsseldorfer Kreis's resolution, it is evident that the decision unequivocally pertains to the social network Facebook as the industry leader.
In light of this current legal and factual situation, website operators should only decide to implement Facebook's “Like Button” and/or other “social plug-ins” after obtaining prior legal advice. The opportunities and risks associated with such usage should be thoroughly assessed beforehand.
Please do not hesitate to contact us should you have any further questions on this matter.
Goldberg Attorneys at Law
Michael Ullrich, LL. M. (Information Law)
Attorney at Law and
Specialist Lawyer for Information Technology Law (IT Law)
