Facebook Like button: Joint responsibility and opt-in required

On December 19, 2018, the Advocate General at the ECJ presented his assessment of the data protection requirements under which companies may include a Facebook Like button on a company website.

According to the Advocate General, the website operator would have to obtain consent for the downstream storage of a cookie by Facebook in the user’s terminal device. In addition, information about data processing must be provided to the extent required by law. Facebook was obliged to provide the required information.

In the view of the Advocate General, the website operator is jointly responsible with Facebook for data processing when a Like button is integrated. Facebook provides the website operator with a code for the integration of the Like button. By the adoption and integration of the code by the website operator, there is a joint decision on the means of data processing. Furthermore, both parties would pursue common purposes with the data processing, here: commercial and advertising purposes. In the view of the Advocate General, this was sufficient to assume a common purpose.

The Advocate General addresses the question of how a boundless expansion of joint responsibility can be prevented and thus the actual task, a meaningful allocation of responsibility for data processing, can be achieved. The ECJ’s decision on this issue is eagerly awaited, in particular its comments on joint responsibility.

Your contact for data protection law: Dr. Stefan Drewes, Tel.: 0228-90248070, E-Mail: