"Transmission occurs without the visitor being aware and regardless of whether or not he or she is a member of the social network Facebook or has clicked on the 'Like' button," the ECJ said in its ruling.
EU data protection law indicates that a European web retailer and the US social media behemoth are both responsible for taking the data and sending it to Facebook’s Ireland subsidiary.
#ECJ : the operator of a website that features a #Facebook ‘Like’ button can be a controller jointly with Facebook in respect of the collection and transmission to Facebook of the personal data of visitors to its website https://t.co/BXuldkaxWxEU Court of Justice (@EUCourtPress) July 29, 2019
Therefore, users need to be alerted and asked for their consent for the data that is being gathered, but the retailer is not responsible for what Facebook does with the information.
"As a result of this case, companies that embed this 'like' button on their website cannot hide behind Facebook any longer," according to Monique Goyens, of the European Consumer Organisation.
"The decision therefore underlines the right for internet users to always get information on what data are collected and how they are used by websites," she added.
A German consumer agency against online clothes website Fashion ID brought the case to court because the company embeds a Facebook button to lure shoppers to publicise its clothes.
Not everyone agrees, however. Bitkom, the German trade agency for online businesses complained that this would force online retailers to spend additional money without truly protecting consumers.
"With its decision, the ECJ places enormous responsibility on thousands of website operators – from small travel blogs to online megastores and the portals of large publishers," said Bitkom CEA Bernard Rohleder.
He added that this could affect all social media plugins, not just Facebook, which would affect how they could expand their web consumers.