Facebook's 'Like' button has become a staple of the web - but German officials believe it to be in breach of EU privacy laws.

Facebook's 'Like' button has become a staple of the web - but German officials believe it to be in breach of EU privacy laws.

Updated, 17.35

IRELAND’S DATA PROTECTION COMMISSIONER (DPC) will be asked to investigate the legality of Facebook’s ‘Like’ button in the coming days, after an equivalent German official deemed the feature to be in breach of EU law.

TheJournal.ie has learned that the DPC will shortly receive an official complaint about the button from an Austrian-based lobby group, which has already filed 16 other complaints relating to Facebook’s data handling and privacy settings in the last few days.

If the complaint is successful, Facebook may be forced to adopt radical changes in the way it operates the ubiquitous ‘Like’ feature – or potentially face court action demanding that the feature be disabled for hundreds of millions of worldwide users.

A spokesman for the lobby group, ‘Europe v Facebook‘, said that complaints about the legality of the ‘Like’ button had not specifically been included in its first batch of complaints, filed last week, but that a follow-up complaint dealing specifically with the feature would be lodged in the coming days.

The office of Ireland’s Data Protection Commissioner, Billy Hawkes, will then examine whether the technology behind the button constitutes a breach of privacy law in this country.

‘Shadow profile’

Although the group behind the complaints is based in Austria, the complaints are being filed with the Irish DPC because Facebook’s Terms of Use declares users outside the US and Canada to be in a contract with Facebook Ireland Ltd, the company’s Dublin operation which acts as its headquarters for Europe, the Middle East and Africa.

Last week the data protection commissioner in the German state of Schleswig-Holstein, Thilo Weichert, deemed that the ‘Like’ button was a breach of local, federal and EU law – and said institutions in his state would receive heavy fines if they did not remove the trademark ‘thumbs-up’ button from their sites.

The incoming complaint focuses on how the ‘Like’ button allows Facebook to track the online activity of any web user – even those who are not among the social networking site’s 750 million members worldwide.

By logging the IP addresses of internet users when they visit pages containing an embedded ‘Like’ button, the social network is theoretically able to build a profile of that user’s browsing habits, and then use this to its commercial advantage.

This was illegal under EU law, Weichert argued, because Facebook would harvest this data through web servers based in the US – and not within the EU, as the commissioner said was required.

While Weichert claimed that users could expect their browsing history to be kept on record for around two years, Facebook in response said it deleted such data after 90 days.

Privacy standards

A spokesperson for the DPC here told TheJournal.ie that while its office had noted the German decision, it had not yet begun an investigation into whether the ‘Like’ button complied with data protection laws effective in Ireland.

The spokesperson did confirm, however, that the office would examine “different aspects of Facebook Ireland’s compliance with Irish data protection law” in light of any complaints received from the Austrian group.

#Open journalism No news is bad news Support The Journal Your contributions will help us continue to deliver the stories that are important to you Support us now

Among complaints already received are allegations that Facebook retains data – such as status updates, chat messages, photo tags, deleted friendships and ‘pokes’ – even after the user removes them from their own personal profile.

Other complaints filed by the Austrian group include Facebook’s ability to build ‘shadow profiles’ of non-users by harvesting data supplied by other users – such as phonebook databases.

The group also argues that material posted by users on others’ pages can be shared in ways not known to them, and that third-party applications installed by a user’s ‘friends’ can access their own personal data – with no guarantee of privacy standards.

A Facebook spokesperson said the company was aware of the complaints being filed by the Austrian group.

“The Irish Data Protection Commission has well-established procedures for resolving such issues through dialogue with the relevant data controller which we expect to follow in this case,” the spokesperson said.