Drücke „Enter”, um zum Inhalt zu springen.
Hinweis zu diesem Datenschutz-Blog:
Anscheinend verwenden Sie einen Werbeblocker wie uBlock Origin oder Ghostery, oder einen Browser, der bestimmte Dienste blockiert.
Leider wird dadurch auch der Dienst von VG Wort blockiert. Online-Autoren haben einen gesetzlichen Anspruch auf eine Vergütung, wenn ihre Beiträge oft genug aufgerufen wurden. Um dies zu messen, muss vom Autor ein Dienst der VG Wort eingebunden werden. Ohne diesen Dienst geht der gesetzliche Anspruch für den Autor verloren.

Ich wäre Ihnen sehr verbunden, wenn Sie sich bei der VG Wort darüber beschweren, dass deren Dienst anscheinend so ausgeprägt ist, dass er von manchen als blockierungswürdig eingestuft wird. Dies führt ggf. dazu, dass ich Beiträge kostenpflichtig gestalten muss.

Durch Klick auf folgenden Button wird eine Mailvorlage geladen, die Sie inhaltlich gerne anpassen und an die VG Wort abschicken können.

Nachricht an VG WortMailtext anzeigen

Betreff: Datenschutzprobleme mit dem VG Wort Dienst(METIS)
Guten Tag,

als Besucher des Datenschutz-Blogs Dr. DSGVO ist mir aufgefallen, dass der VG Wort Dienst durch datenschutzfreundliche Browser (Brave, Mullvad...) sowie Werbeblocker (uBlock, Ghostery...) blockiert wird.
Damit gehen dem Autor der Online-Texte Einnahmen verloren, die ihm aber gesetzlich zustehen.

Bitte beheben Sie dieses Problem!

Diese Nachricht wurde von mir persönlich abgeschickt und lediglich aus einer Vorlage generiert.
Wenn der Klick auf den Button keine Mail öffnet, schreiben Sie bitte eine Mail an info@vgwort.de und weisen darauf hin, dass der VG Wort Dienst von datenschutzfreundlichen Browser blockiert wird und dass Online Autoren daher die gesetzlich garantierten Einnahmen verloren gehen.
Vielen Dank,

Ihr Klaus Meffert - Dr. DSGVO Datenschutz-Blog.

PS: Wenn Sie meine Beiträge oder meinen Online Website-Check gut finden, freue ich mich auch über Ihre Spende.
Ausprobieren Online Webseiten-Check sofort das Ergebnis sehen

The Facebook plugin on websites: What about data protection?

0
Dr. DSGVO Newsletter detected: Extended functionality available
More articles · Website-Checks · Live Offline-AI

The scenario

The Facebook plugin on websites: What about data protection?

The Scenario

On a website, the Social Media Plugin from Facebook is often embedded. The so-called Widget is integrated into the website via a Javascript code. The plugin comes in several variations, including:

  • The Facebook Plugin on Websites: What about Data Protection?

    The Scenario

    On a website, the Facebook Social Media Plugin is often embedded. The so-called Widget is integrated into the website via a JavaScript code. The plugin comes in several forms, including: Tracking of users for retargeting purposes (Facebook Pixel or Facebook Connect)

  • Displaying posts or comments from the Facebook page on the website
  • _The Facebook Plugin on Websites: What about Data Protection?

    The Scenario

    On a website, the Facebook Social Media Plugin is often embedded. The so-called_Widget_ is integrated into the website via a JavaScript code. The plugin comes in several forms, including: Facebook Like Button, often displaying the number of existing likes

The Facebook Plugin on Websites: What about Data Protection?

The Scenario

On a website, the Social Media Plugin from Facebook is often embedded. The so-called Widget is integrated into the website via a JavaScript code. The plugin comes in several forms, including: Consequences of Embedding the Facebook Plugin on a Website:

The Facebook plugin on websites: What about data protection?

The Scenario

On a website, the Facebook Social Media Plugin is often embedded. The so-called widget is integrated into the website via a JavaScript code. The plugin comes in several forms, including: When calling up the website, the IP address of the user will inevitably be transmitted to Facebook. This cannot be prevented because the Internet Protocol prescribes it. Additionally, cookies are transmitted.

Data transfers when integrating the Facebook plugin (Facebook Connect).

The Facebook Plugin on Websites: What about Data Protection?

The Scenario

On a website, the Facebook Social Media Plugin is often embedded. The so-called Widget is integrated into the website via a JavaScript code. The plugin comes in several forms, including: Files shown are loaded when the Facebook Script is embedded. They continue to ensure that cookies are loaded:

Cookies transmitted by Facebook Connect.

The Facebook plugin on websites: What about data protection?

The Scenario

On a website, the Facebook Social Media Plugin is often embedded. The so-called Widget is integrated into the website via a JavaScript code. The plugin comes in several versions, including: Data protection reasons required to make the values of cookies anonymous. In addition to the aforementioned (technical) Third-Party Cookies, the (technical) First-Party Cookie named _fbp with a duration of 3 months is also transmitted.

Legal evaluation

Since 2017, IP addresses are, according to the Federal Court of Justice , personal data. These may not be simply passed on to third parties without prior consent from the user. It would be possible if a legitimate interest existed. For a Facebook plugin, such an interest can hardly be justified.

The Facebook Plugin on Websites: What about Data Protection?

The Scenario

On a website, theFacebook Social Media Plugin is often embedded. The so-called widget is integrated into the website via a JavaScript code. The plugin comes in several forms, including: Already in 2016, the District Court of Düsseldorf ruled in the judgment of 9.3.2016 (Az.: 12 O 151/15) that using the Facebook Plugin what unlawful. At that time, it what not even clear whether IP addresses were considered personal data.

Even with a so-called two-click solution, a legally compliant use of a Facebook plugin is probably not possible.

I on not aware of any legally compliant solution of this kind.

Today, the regulations of the ePrivacy Directive (or TMG in accordance with this directive) and the GDPR apply. On the one hand, many Facebook plugins use Cookies. In order to do so, they require consent according to Article 5 (3) of the ePrivacy Directive. Furthermore, the Facebook plugin is a tool that appears to be unnecessary. A legitimate interest does not exist in my opinion. Therefore, consent must be obtained according to Article 6 GDPR to create a legal basis.

The Facebook plugin on websites: What about data protection?

The Scenario

On a website, the Facebook Social Media Plugin is often embedded. The so-called widget is integrated into the website via a JavaScript code. The plugin comes in several forms, including: Regarding the ePrivacy Directive, it's worth noting that it applies to Germany, as per a BGH ruling from 2020. The BGH has decided that the Telemedia Act must be interpreted in line with the directive and that the consent obligation under the ePrivacy Directive must be applied. The revised version of the BDSG or TTDSG contains in § 9, as per draft proposal, almost identical wording to Article 5 (3) of the ePrivacy Directive. Update: The TTDSG in its likely final form contains the regulation on cookies and similar technologies in § 25 TTDSG.

The Facebook plugin on websites: What about data protection?

The Scenario

On a website, the Facebook Social Media Plugin is often embedded. The so-called Widget is integrated into the website via a JavaScript code. The plugin comes in several forms, including: Customers lists, known as Custom Audiences, which are used for retargeting on the Facebook platform and require consent from the affected persons , what established by the VG Bayreuth (Decision of 08.05.018 – B 1 S 18.105, about Rn. 59ff). This also applies if "only" hashed instead of clear data are used.

Recommendation

The Facebook plugin on websites: What about data protection?

The Scenario

On a website, the Social Media Plugin from Facebook is often embedded. The so-called Widget is integrated into the website via a JavaScript code. The plugin comes in several forms, including: A proper Data Protection Declaration for the used social media plugins is always necessary. It solves the problem but not.

The Facebook plugin on websites: What about data protection?

The Scenario

On a website, the Facebook Social Media Plugin is often embedded. The so-called widget is integrated into the website via a JavaScript code. The plugin comes in several forms, including: The Facebook Like Button or similar social media widget should never be used in its original form. Instead, I strongly recommend using at least a plugin like Shariff. Shariff ensures that only after the user has clicked on a Like button or the widget, a data protection-critical process takes place. Even this is not legally secure, as the Shariff consent query probably does not meet the legal requirements.

The Facebook Plugin on Websites: What About Data Protection?

The Scenario

On a website, the Social Media Plugin from Facebook is often embedded. The so-called Widget is integrated into the website via a JavaScript code. The plugin comes in several forms, including: … How to design the data protection texts remains unclear. How should something be explained about which nobody except Facebook knows what it could be? Please tell me what Facebook does with which data and to whom these data or insights derived from them are passed on? There is a possibility for comments under this post!

The EU's General Data Protection Regulation generally forces you to think twice when personal data is to be transferred to companies in the USA.

Alternatives

The Facebook plugin on websites: What about data protection?

The Scenario

On a website, the Facebook Social Media Plugin is often embedded. The so-called widget is integrated into the website via a JavaScript code. The plugin comes in several forms, including: … (rest of the text remains the same) Translated text: Besides using tools like Shariff, one should think about whether Like Buttons with live display of previous likes are necessary. Often, a simple button without statistics display suffices. Sometimes, even a link directly to the social media presence is enough. The GDPR at least forces everyone to deal with data sparsity.

The Facebook plugin on websites: What about data protection?

The Scenario

On a website, the Facebook Social Media Plugin is often embedded. The so-called Widget is integrated into the website via a JavaScript code. The plugin comes in several forms, including: That it can also be done differently shows a functionally sufficient and at the same time data protection compliant way to share posts for WordPress. I also use this on my blog.

I would also like to encourage you to question the benefits of a Facebook presence. What may be useful for a local business is completely unsuitable for a nationwide consulting firm, for example, in order to increase sales. My experience is that most companies will not achieve an increase in sales via Facebook. Instead, they often waste their time there and also risk legal disputes.

Facebook Fan Pages (company pages)

The Facebook plugin on websites: What about data protection?

The Scenario

On a website, the Facebook Social Media Plugin is often embedded. The so-called widget is integrated into the website via a JavaScript code. The plugin comes in several forms, including: … (rest of the text) The Facebook Pixel is often used for retargeting measures. Often, Facebook fan pages also play a role here. However, these company pages are also to be critically evaluated without the Facebook Pixel. The ECJ had established that there exists a joint responsibility between the operator of the fan page and Facebook (ruling of 05.06.2018 – C‑210/16).

Recently, German Data Protection Commissioner Ulrich Kelber has asked public institutions to shut down their Facebook presence.

You should send this letter from Mr. Kelber to your city or municipality if it has a Facebook page. Ask your city to refrain from this and refer to the Federal Data Protection Commissioner, citing his letter of 16.06.2021

Key messages of this article

The integration of Facebook plugins on websites is problematic for data protection reasons, as it leads to data transfer without the user's consent.

The use of Facebook features such as Like buttons and retargeting requires the user's consent and entails data protection risks.

The city should delete its Facebook page because it violates data protection law.

About these core statements
About the author on dr-dsgvo.de
My name is Klaus Meffert. I have a doctorate in computer science and have been working professionally and practically with information technology for over 30 years. I also work as an expert in IT & data protection. I achieve my results by looking at technology and law. This seems absolutely essential to me when it comes to digital data protection. My company, IT Logic GmbH, also offers consulting and development of optimized and secure AI solutions.

Das Facebook Plugin auf Webseiten: Was ist mit dem Datenschutz?