Offbeat

Legal

It's official: Deploying Facebook's 'Like' button on your website makes you a joint data slurper

Using widgets probably not worth the GDPR minefield


Organisations that deploy Facebook's ubiquitous "Like" button on their websites risk falling foul of the General Data Protection Regulation following a landmark ruling by the European Court of Justice.

The EU's highest court has decided that website owners can be held liable for data collection when using the so-called "social sharing" widgets.

The ruling (PDF) states that employing such widgets would make the organisation a joint data controller, along with Facebook – and judging by its recent record, you don't want to be anywhere near Zuckerberg's antisocial network when privacy regulators come a-calling.

'Purposes of data processing'

According to the court, website owners "must provide, at the time of their collection, certain information to those visitors such as, for example, its identity and the purposes of the [data] processing".

By extension, the ECJ's decision also applies to services like Twitter and LinkedIn.

Facebook's "Like" is far from an innocent expression of affection for a brand or a message: its primary purpose is to track individuals across websites, and permit data collection even when they are not explicitly using any of Facebook's products.

The case that brought social sharing widgets to the attention of the ECJ involved German fashion retailer Fashion ID, which placed Facebook's big brother button on its website and was subsequently sued by consumer rights group Verbraucherzentrale NRW.

The org claimed the fact that Fashion ID's website users were automatically surrendering their data – including IP address, browser identification string and a shedload of cookies – contravened the EU Data Protection Directive (DPR) of 1995, which has since been superseded by much stricter General Data Protection Regulation (GDPR).

In 2016, Fashion ID lost in a Dusseldorf regional court, and appealed to a higher German court, with Facebook joining in the appeal. The case was then escalated to the ECJ, with the outcome closely watched by law and privacy experts.

On Monday, the ECJ ruled that Fashion ID could be considered a joint data controller "in respect of the collection and transmission to Facebook of the personal data of visitors to its website".

The court added that it was not, in principle, "a controller in respect of the subsequent processing of those data carried out by Facebook alone".

'Consent'

"Thus, with regard to the case in which the data subject has given his or her consent, the Court holds that the operator of a website such as Fashion ID must obtain that prior consent (solely) in respect of operations for which it is the (joint) controller, namely the collection and transmission of the data," the ECJ said.

The concept of "data controller" – the organisation responsible for deciding how the information collected online will be used – is a central tenet of both DPR and GDPR. The controller has more responsibilities than the data processor, who cannot change the purpose or use of the particular dataset. It is the controller, not the processor, who would be held accountable for any GDPR sins.

In its response to the ruling, Facebook decided to pretend that the "Like" button was just an average website plugin: "We welcome the clarity that today's decision brings to both websites and providers of plugins and similar tools," Jack Gilbert, Associate General Counsel at Facebook, said in a statement.

"We are carefully reviewing the court's decision and will work closely with our partners to ensure they can continue to benefit from our social plugins and other business tools in full compliance with the law."

Nothing Facebook does seems to hurt its sales: the company has just reported second quarter results, growing its revenue 28 per cent year-on-year to reach $16.6bn. ®

Send us news
88 Comments

It's one thing to have the world in your hands – what are you going to do with it?

Google won the patent battle against ART+COM, but we were left with little more than a toy

Column I used to think technology could change the world. Google's vision is different: it just wants you to sort of play with the world. That's fun, but it's not as powerful as it could be.

Despite the fact that it often gives me a stomach-churning sense of motion sickness, I've been spending quite a bit of time lately fully immersed in Google Earth VR. Pop down inside a major city centre – Sydney, San Francisco or London – and the intense data-gathering work performed by Google's global fleet of scanning vehicles shows up in eye-popping detail.

Buildings are rendered photorealistically, using the mathematics of photogrammetry to extrude three-dimensional solids from multiple two-dimensional images. Trees resolve across successive passes from childlike lollipops into complex textured forms. Yet what should feel absolutely real seems exactly the opposite – leaving me cold, as though I've stumbled onto a global-scale miniature train set, built by someone with too much time on their hands. What good is it, really?

Continue reading

Why Cloud First should not have to mean Cloud Everywhere

HPE urges 'consciously hybrid' strategy for UK public sector

Sponsored In 2013, the UK government heralded Cloud First, a ground-breaking strategy to drive cloud adoption across the public sector. Eight years on, and much of UK public sector IT still runs on-premises - and all too often - on obsolete technologies.

Today the government‘s message boils down to “cloud first, if you can” - perhaps in recognition that modernising complex legacy systems is hard. But in the private sector today, enterprises are typically mixing and matching cloud and on-premises infrastructure, according to the best business fit for their needs.

The UK government should also adopt a “consciously hybrid” approach, according to HPE, The global technology company is calling for the entire IT industry to step up so that the public sector can modernise where needed and keep up with innovation: “We’re calling for a collective IT industry response to the problem,” says Russell MacDonald, HPE strategic advisor to the public sector.

Continue reading

A Raspberry Pi HAT for the Lego Technic fan

Sneaking in programming under the guise of plastic bricks

There is good news for the intersection of Lego and Raspberry Pi fans today, as a new HAT (the delightfully named Hardware Attached on Top) will be unveiled for the diminutive computer to control Technic motors and sensors.

Continue reading

Reg scribe spends week being watched by government Bluetooth wristband, emerges to more surveillance

Home quarantine week was the price for an overseas trip, ongoing observation is the price of COVID-19

Feature My family and I recently returned to Singapore after an overseas trip that, for the first time in over a year, did not require the ordeal of two weeks of quarantine in a hotel room.

Instead, returning travelers are required to stay at home, wear a government-issued tracking device, and stay within range of a government-issued Bluetooth beacon at all times for a week … or else. No visitors are allowed and only a medical emergency is a ticket out. But that sounded easy compared to the hotel quarantine we endured in 2020.

Continue reading

Intel teases 'software-defined silicon' with Linux kernel contribution – and won't say why

It might enable activation of entirely new features on existing Xeon CPUs … or, you know, not

Intel has teased a new tech it calls "Software Defined Silicon" (SDSi) but is saying almost nothing about it – and has told The Register it could amount to nothing.

SDSi popped up around three weeks ago in a post to the Linux Kernel mailing list, in which an Intel Linux software engineer named David Box described it as "a post-manufacturing mechanism for activating additional silicon features".

"Features are enabled through a license activation process," he wrote. "The SDSi driver provides a per-socket, ioctl interface for applications to perform three main provisioning functions." Those provisioning functions are:

Continue reading

Chip manufacturers are going back to the future for automotive silicon

Where we're going, we don't need 5nm

Analysis Cars are gaining momentum as computers on wheels, though chip manufacturers' auto focus isn't on making components using the latest and greatest fabrication nodes.

Instead, companies that include Taiwan Semiconductor Manufacturing Co and Globalfoundries are turning back the clock and investing billions in factories that use older manufacturing techniques to make chips for vehicles.

The rapid digitization and electrification of cars has created a giant demand for smaller, more power-efficient auto chips, said Jim McGregor, principal analyst at Tirias Research. He added that cars don't necessarily need the latest manufacturing processes, though, and many are still using analog-based components for various functions.

Continue reading

Alibaba Cloud unveils home-spun 128-core Arm-powered server CPU

Also plans to open-source current XuanTie RISC-V cores and future designs

Alibaba Cloud has revealed a home-grown CPU for servers, based on the Arm architecture, that it has already deployed powering its cloud services.

Named "Yitian 710", the processor was built on a 5nm process and boasts 128 Arm v9 cores that hum along at up to 3.2GHz. Eight DDR5 channels and 96 PCIe 5.0 lanes are aboard, accounting for some of the 60 billion transistors on the die.

Yitian 710 was billed as a cloud-native processor at Alibaba’s Apsara conference today, but the Chinese cloud leader offered few details beyond those above.

Continue reading

Japanese messaging giant Line admits it mishandled user data, promises to do better

Sent user data to China without once thinking Beijing might decide to snoop, lied about server location

Line, the Japan-based messaging and payments app with millions of users around Southeast Asia, has conceded that its data protection regimes had multiple shortcomings, and therefore put users' personal information at risk.

Parent company Z-Holdings yesterday released a report compiled by a Special Advisory Committee on Global Data Governance that it convened in the wake of revelations that some user data had been processed in China and/or stored in South Korea.

Line is vastly popular in Japan, where it boasts over 85 million monthly users and is so prevalent the nation's government relies on it as a channel for digital services. The app has also made inroads into South Korea, Thailand, Taiwan, and other Asian nations, bringing it a total user population of over 700 million – over 150 million of whom are active monthly users.

Continue reading

Canon makes 'all-in-one' printers that refuse to scan when out of ink, lawsuit claims

We can't wait to see the logic gymnastics needed to justify this

Canon USA has been accused of forcing customers to buy ink cartridges when they only want to scan and fax documents using the manufacturer's so-called All-In-One multi-function printers.

David Leacraft bought a Canon PIXMA MG2522 All-in-One Printer from Walmart in March, and was appalled when his device was incapable of scanning or a faxing documents if it ran low, or out, of ink. Unlike printing, scanning and faxing documents do not ordinarily require ink.

He wouldn’t have spent the 100 bucks on Canon’s printer if he had known this, his legal team noted. Feeling cheated, Leacraft fired a lawsuit at Canon USA, seeking class-action status on behalf of other disgruntled customers.

Continue reading

Apple arms high-end MacBook Pro notebooks with M1 Pro, M1 Max processors

x86 is an eighty-sixed ex

Apple on Monday announced 14- and 16-inch MacBook Pro models armed with Arm-compatible Apple Silicon chips, extending its platform architecture transition, and Intel exodus, for its high-end notebooks.

Cupertino's web-streamed presentation, which also featured new music products and services, was highly anticipated by Apple customers because, as expected, it addressed long-standing complaints about recent MacBook Pro models. In particular, their failure-prone keyboard, the unasked-for TouchBar, and the finicky USB-C power connector.

Though Apple's disastrous Butterfly-design keyboard has already been dealt with, the first aspect of the new MacBook Pro models that product manager Shruti Haldea discussed was the keyboard.

Continue reading

US lawmakers give Amazon until November to prove it didn't lie to Congress

This better be a Prime delivery

US House representatives say they are ready to call upon the Department of Justice to investigate whether Amazon executives, including ex-CEO Jeff Bezos, lied to Congress about whether the internet giant unfairly uses customer data to create and market its own products.

Employees in India were accused of keeping tabs on which products sold by third-party vendors proved to be popular among buyers, and then developing competing Amazon-branded versions. Amazon then rigged its product search results to unfairly promote its own products and crush competition on its Indian website, judging from internal documents.

Those files, obtained by Reuters, go against previous statements and testimonials Amazon executives and founder Bezos gave a House Judiciary subcommittee on antitrust. In a hearing in July 2020, the billionaire space tourist said Amazon’s own policy “prohibits the use of anonymized data, if related to a single seller, when making decisions to launch private brand products.”

Continue reading