Skip to content

On July 29, 2019, the Court of Justice of the European Union (CJEU) found that a website operator using a social media plugin is a joint controller with the social media company providing the plugin and can be held jointly liable in relation to such processing activities. Although the case was decided under the Privacy Directive 95/46, since the ruling concerns definitions that also exist under the General Data Protection Regulation (GDPR), website operators should take note and may want to review their previous legal bases determinations and notices as well as their existing contractual arrangements with the social media company to ensure they are in compliance with GDPR.

The case arose when a German consumer protection association sued a German online fashion retailer, Fashion ID, for allegedly breaching the then-existing national data protection laws when it enabled the transfer of visitors’ personal data to a third party via a social plugin. The German Higher Regional Court referred the matter to the CJEU.

In the proceedings it became apparent that the social media plugin (a “like” button) on Fashion ID’s website caused the visitor’s browser to request content from the company providing the plugin; then the browser transmitted the visitor’s personal data to the social plugin company. This happened as soon as the visitor consulted the website and regardless of whether or not the visitor:

  • was aware of such an operation;
  • was a member of the social media platform; or
  • had clicked on the plugin.

Click here for the full GT Alert on the CJEU’s finding, the website operator’s responsibilities, and key takeaways for website operators.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Gretchen A. Ramos Gretchen A. Ramos

Gretchen A. Ramos is Global Co-Chair of the Data, Privacy & Cybersecurity Practice. Gretchen is a creative problem-solver that various large tech clients rely on to handle their most challenging data protection issues. Clients appreciate not only her legal skills, but also her

Gretchen A. Ramos is Global Co-Chair of the Data, Privacy & Cybersecurity Practice. Gretchen is a creative problem-solver that various large tech clients rely on to handle their most challenging data protection issues. Clients appreciate not only her legal skills, but also her direct, no-nonsense approach in providing advice. She works closely with her clients to manage data and leverage its value in ways to meet compliance obligations, as well as deliver value to the business and instill consumer trust.

Photo of Carsten A. Kociok Carsten A. Kociok

Carsten Kociok focuses his practice on the technology industry. He has broad experience in the areas of Internet, information technology, electronic and mobile payments and new media, as well as regulatory and data protection law issues.

Carsten advises national and international companies from

Carsten Kociok focuses his practice on the technology industry. He has broad experience in the areas of Internet, information technology, electronic and mobile payments and new media, as well as regulatory and data protection law issues.

Carsten advises national and international companies from the Internet, payments and technology industries on the commercial and regulatory side of their business, in particular in the areas of e-commerce and e-business, electronic and mobile payments, service distribution, franchising, outsourcing and technology transactions. This includes all aspects of e-money and payments law, financial services law, data protection and data security regulations, money laundering obligations as well as marketing, unfair competition, consumer protection and general contract law.

Prior to joining the firm, Carsten worked at Olswang for eight years and in the Capital Transaction Practice Group of an international law firm in New York.

Photo of Greenberg Traurig Greenberg Traurig

Willeke Kemkers is a member of the IP / Tech department of Greenberg Traurig’s Amsterdam office. She focuses on a broad range of intellectual property issues, including proceedings, drafting of (commercial) contracts and providing of advice regarding transactions (mergers and acquisitions). Willeke also

Willeke Kemkers is a member of the IP / Tech department of Greenberg Traurig’s Amsterdam office. She focuses on a broad range of intellectual property issues, including proceedings, drafting of (commercial) contracts and providing of advice regarding transactions (mergers and acquisitions). Willeke also has deep knowledge of EU e-commerce regulations and regularly counsels clients with respect to the interpretation and application of the relevant laws.

Furthermore, Willeke counsels clients on a wide range of privacy issues such as data processing agreements, cross-border transfers of data, privacy policies and data breaches. With respect to the coming into force of the GDPR, Willeke prepared clients from many different industries (transport, medical, legal) to be GDPR compliant.

Willeke also has experience with drafting and reviewing of IT contracts including hosting (cloud), outsourcing (SaaS, Iaas and Paas) and IT development contracts.