On July 29, 2019, the Court of Justice of the European Union (CJEU) found that a website operator using a social media plugin is a joint controller with the social media company providing the plugin and can be held jointly liable in relation to such processing activities. Although the case was decided under the Privacy Directive 95/46, the ruling concerns definitions that also exist under the General Data Protection Regulation (GDPR). Website operators should therefore take note and may want to review their previous legal basis determinations and notices, as well as their existing contractual arrangements with the social media company, to ensure they are in compliance with the GDPR.

The case arose when a German consumer protection association sued a German online fashion retailer, Fashion ID, for allegedly breaching the then-existing national data protection laws when it enabled the transfer of visitors’ personal data to a third party via a social plugin. The German Higher Regional Court referred the matter to the CJEU.

In the proceedings it became apparent that the social media plugin (a “like” button) on Fashion ID’s website caused the visitor’s browser to request content from the company providing the plugin; then the browser transmitted the visitor’s personal data to the social plugin company. This happened as soon as the visitor consulted the website and regardless of whether or not the visitor:

  • was aware of such an operation;
  • was a member of the social media platform; or
  • had clicked on the plugin.

Click here for the full GT Alert on the CJEU’s finding, the website operator’s responsibilities, and key takeaways for website operators.

Gretchen A. Ramos

Gretchen A. Ramos is Global Co-Chair of the Data, Privacy & Cybersecurity Practice. Gretchen is a creative problem-solver that various large tech clients rely on to handle their most challenging data protection issues. Clients appreciate not only her legal skills, but also her direct, no-nonsense approach in providing advice. She works closely with her clients to manage data and leverage its value in ways to meet compliance obligations, as well as deliver value to the business and instill consumer trust.

Carsten A. Kociok

Carsten Kociok is a partner in the Technology, Financial Services and Data Privacy Practice in Berlin and Co-Head of Greenberg Traurig’s global Fintech Group. He advises national and international clients across all industries, including financial services, information technology, artificial intelligence, ecommerce, media, health care, telecoms, retail and real estate, on a wide variety of complex commercial and regulatory matters.

Carsten is a leading technology lawyer, ranked consistently in Band 1 for Fintech Legal in Germany since 2020. He has in-depth and wide-ranging experience in the areas of privacy and cybersecurity, payments law, financial services, e-money products, blockchain technology, and financial and banking regulation, as well as in artificial intelligence regulation – including compliance with the EU AI Act – and the integration of AI technologies into existing software systems.

Carsten regularly assists clients in licensing projects and audit proceedings with financial regulators and advises on the contractual and regulatory aspects of developing, implementing and operating financial technology products and transactions.

On the data privacy side, Carsten counsels clients on complex data-driven business models and regulatory matters, including on international data transfers, data privacy compliance, monetization of data, artificial intelligence, litigation, cybersecurity and data breach response.

Carsten regularly lectures and publishes on various FinTech and data privacy topics. Prior to joining the firm, Carsten worked at Olswang Germany for eight years and in the Capital Transaction Practice Group of an international law firm in New York.

Greenberg Traurig

Willeke Kemkers is a member of the IP / Tech department of Greenberg Traurig’s Amsterdam office. She focuses on a broad range of intellectual property issues, including proceedings, drafting (commercial) contracts and advising on transactions (mergers and acquisitions). Willeke also has deep knowledge of EU e-commerce regulations and regularly counsels clients with respect to the interpretation and application of the relevant laws.

Furthermore, Willeke counsels clients on a wide range of privacy issues such as data processing agreements, cross-border transfers of data, privacy policies and data breaches. With respect to the coming into force of the GDPR, Willeke prepared clients from many different industries (transport, medical, legal) to be GDPR compliant.

Willeke also has experience with drafting and reviewing IT contracts, including hosting (cloud), outsourcing (SaaS, IaaS and PaaS) and IT development contracts.