The highest court in the EU has ruled that a like / follow button should not be available on your website without permission, if that button collects data for a third party. This applies to the like / follow buttons of Facebook, Twitter and Instagram, among other things. In this article we explain how you can request the correct permission on your WordPress website in advance.
What happens when you embed social media on your site?
When people visit your website, all neccessary components to display the page are loaded. For instance, if you embed a like-button, follow-button or or social media from a service like facebook, each visitors will also load a piece of code that originates at Facebook.com.
This allows Facebook as an external party to follow your visitors and keep track of all websites with similar buttons that they visit. Thát is however not allowed, unless you have collected permission to do so from your visitors.
The highest EU-courts have now decided that the website itself is also responsible for that type of data collection. A visitor to your website must first be able to express permission before you are allowed to let Facebook know that the visitor came to your webpage. You obviously cannot adhere to this if the button or box is loaded into the page immediately on a visitors first view of the page. The fact that you have no influence over what Facebook does or does not do with the collected data does not exclude you from being liable, according to the EU Right. The ruling is a consequence of the GDPR (General Data Protection Regulation) that came into force in 2018.
Incidentally, the court’s way of thinking also applies to all kinds of other types of embeds, such as YouTube videos, external media, tracking software, etc. It is therefore important to understand which external services you are loading, and to determine for which of those you need to request permission before loading them. For more background, also read our article about the impact of the AVG on your WordPress website.
Requesting permission for like buttons on your WordPress website
Last year we launched the GDPR Consent Plugin for WordPress. This allows you to disable plugins bij default and enables you to request permissions first in line with the applicable legislation. Shortcodes provided by the GDPR Consent Plugin allow you to easily hide content (and embeds for social media, YouTube etc) and provide a permission request option instead.
Only when your visitor has actively given permission, the embed will be loaded for the visitor. The plugin can be acquired (with a free trial period) and tested from wpupgrader.com. The FAQ explains how you can hide content until permission is given.