Facebook has come under considerable criticism recently for the way it processes and protects personal data. One of the lesser known issues with Facebook is the way it tracks people who use the world wide web, but who don’t use Facebook. If your website has a Like button on it, you could be complicit in this.
Most people are aware that they can use Facebook for free, in return for seeing adverts, which are chosen based on information Facebook knows about them. That’s the deal people sign up to when they agree to Facebook’s terms and conditions, although few people actually read them.
What isn’t as well known is that Facebook also records information about visitors to millions of other websites around the world. It does this by using what Facebook calls ‘Social Plugins’. These are Facebook features, such as the Like button, which anyone can place on their own website.
When you visit a web page that has a Like button on it, your web browser passes certain information to Facebook, even if you don’t click the button. This allows Facebook to track the websites you visit and also to link them to your Facebook account, if you have one.
Some people care about this and others don’t. Privacy activist, Max Schrems, cared about it enough to complain. He addressed his complaint to the Irish Data Protection Commissioner, because Facebook Ireland Ltd. is the company that deals with all Facebook users in Europe. As a result of this, and other complaints, in 2011, the Irish Data Protection Commissioner made a number of recommendations to Facebook Ireland, including the conclusion that it does not use this data, “for the purpose of targeted advertising”. Despite this, Facebook’s relevant FAQ page still says that they may use the information gathered, “to show people more interesting and useful ads”. It doesn’t explicitly say whether they do this for users in the EU.
This week, the Court of Justice of the European Union ruled that, “The operator of a website that features a Facebook ‘Like’ button can be a controller jointly with Facebook in respect of the collection and transmission to Facebook of the personal data of visitors to its website”. This leaves companies open to prosecution under the GDPR if they have Like buttons on their websites without a lawful basis for sharing data with Facebook.
We added Facebook and Twitter links to our contact page in 2016. We looked into the Facebook Like button and we didn’t approve of the way it tracked our visitors, so we decided not to use it. Instead, we added a simple icon, with a link to Facebook. This doesn’t send any information to Facebook when you view our contact page. If you click on the icon, you will be taken to Facebook which, as you’d expect, is then responsible for the information it gathers.
Facebook isn’t the only company that uses social media buttons to enable tracking – we avoided the Twitter Follow button for similar reasons. If you have a website and it has a Facebook Like button on it, you could be helping Facebook to track people. You may not care about this, but you ought, in my view, to be aware of it.