The use of so-called plug-ins, such as the "Like button" from Facebook and social plug-ins from comparable social media platforms, are becoming increasingly popular among companies.
According to the "Düsseldorfer Kreis", the use of Facebook's "Like Button" and comparable plug-ins of other social media platforms is currently against data protection. The Düsseldorfer Kreis is an informal association of the highest supervisory authorities that "monitor" data protection compliance in the non-public sector in Germany.
In a decision of 8 December 2011, the Düsseldorfer Kreis expressly pointed out that, in its view, providers based outside the European Economic Area are also subject to German national data protection law with regard to the data of data subjects in Germany pursuant to Section 1 (5) sentence 2 BDSG.
The Düsseldorfer Kreis is of the opinion that website operators who integrate social plug-ins on their website or present themselves with fan pages in a network have their own responsibility with regard to the data of users who use this offer. Therefore, in the opinion of the Düsseldorfer Kreis, these companies also run the risk of committing legal violations themselves if the provider of a social network, such as Facebook, collects data of their users by means of social plug-ins and thereby violates existing legal regulations, in particular data protection regulations. If a company, as a website operator, cannot monitor the data processing that may take place via a plug-in, companies may not, in the opinion of the Düsseldorfer Kreis, integrate these "plug-ins" into their own offerings without further ado.
Effective consent to the use of social plug-ins is also probably not possible at present, as it is currently unknown to Facebook and the other social media platforms what data is transmitted when the button is pressed, e.g. at Facebook. However, it would only be possible to effectively consent to the use of social plug-ins if the user who presses this plug-in knows beforehand what data is transmitted to Facebook and the other socialmedia platforms. As long as this is not known, effective consent to the use of social plug-ins is not possible. Therefore, none of the consents suggested by many sites are currently effective either.
Previously, the ULD, the independent centre for data protection in Schleswig-Holstein, had already announced that it considered Facebook's "Like" button to be illegal. The ULD has therefore already announced in a press release of 19 August 2011 that it expects all website operators in Schleswig-Holstein "to immediately stop passing on data about their users to Facebook in the USA by deactivating the corresponding services." Furthermore, all website operators in Schleswig-Holstein were informed that if this cessation did not take place by the end of September 2011, the ULD would take further measures. After going through the legally prescribed hearing and administrative procedure, complaints could be made in the case of public bodies, and prohibition orders and fine proceedings could be initiated in the case of private bodies and companies. The maximum fine for violations of the TMG is 50,000.00 €.
It is currently not known whether other federal states outside of Schleswig-Holstein will now also initiate corresponding proceedings against website operators. However, the decision of the Düsseldorfer Kreis was not to be expected in this clarity. Until now, it was generally assumed that the ULD held a relatively minority opinion regarding the use of "social media plug-ins". This assumption has now been disproved by the decision of the Düsseldorfer Kreis. Even though the name of the internet platform Facebook was expressly not mentioned in the context of the Düsseldorf Circle's decision, it is clear that the Düsseldorf Circle's decision clearly refers to the social network Facebook as the industry leader.
In view of this current legal and factual situation, website operators should only decide to use Facebook's "Like button" and/or other "social plug-ins" after obtaining prior legal advice. The opportunities and risks of such use should be weighed up beforehand.
Please do not hesitate to contact us if you have any questions on this topic.
Goldberg Attorneys at Law
Michael Ullrich, LL. M. (Information Law)
Attorney at Law and
Specialist Lawyer for Information Technology Law (IT Law)
