In brief: Websites that use a Facebook “Like” button may soon be facing some heat. Even though site owners have no control over how the widgets work, the European Union’s highest court ruled them liable for transmitting users' browsing data without permission.

The Court of Justice of the European Union found that websites containing Facebook’s Like widget send browsing data to the social media giant whether the user clicks the widget or not.

This data sharing violates Europe’s General Data Protection Regulation (GDPR). The ruling does not demand the halt of using these APIs, but a website must obtain consent from users before the information is sent. Currently, the tool sends data as the page loads. By the time a user realizes the site has a Like button, it has already transmitted the information to Facebook, leaving the visitor no way to opt-out.

From now on, websites will have to get permission before sending browsing data despite not being actively involved. There is no way to do this with the current plugin without removing it entirely. Facebook developers will likely have to change the coding of the widgets to comply.

The ruling comes after a lawsuit against the online clothing store Fashion ID. Even though the website was not in active control of the data, the court ruled that its owners could still be held responsible for transmitting the information to Facebook.

"Website plugins are common and important features of the modern Internet. We welcome the clarity that today’s decision brings to both websites and providers of plugins and similar tools."

“Fashion ID’s embedding of the Facebook ‘Like’ button on its website allows it to optimize the publicity for its goods by making them more visible on the Facebook social network,” the court said in a press release.

Since this information is used to make Fashion ID more visible on the platform, it is gaining a commercial and financial benefit on the back of the consumer’s data.

Facebook’s Associate General Counsel Jack Gilbert responded to the ruling saying that the company appreciated the “clarity” the decision brought to the situation.

“We are carefully reviewing the court’s decision and will work closely with our partners to ensure they can continue to benefit from our social plugins and other business tools in full compliance with the law,” Gilbert said in a statement to TechCrunch.

Not only can users expect to see changes to how the plugins work, but also how websites notify them of the widget’s data collection. We’ve already seen a marked increase to the notices received when visiting sites that the GDPR has required. If the trend continues, we might have a whole page of consent notifications to read before getting to the actual meat of the website.

Image credit: Hadrian via Shutterstock