WORKING

PAPERS

WORKING PAPER • VOL. 7 • N° 27 • June 2021

Fashion ID and decisively influencing Facebook plugins: A fair approach to single and joint controllership

by Paul De Hert and Georgios Bouchagiar

ABSTRACT

Case C‑40/17 Fashion ID GmbH & Co. KG v Verbraucherzentrale NRW eV [2019] OJ C319/2
1. Consumer-protection associations can bring legal proceedings for alleged infringements of the right to the protection of personal data.
2. The website operator, who embeds a plugin that can enable the website-visitor’s browser to request content from the provider of that plugin and, to that end, to transmit personal data to the provider of the plugin, can be seen as a controller; liability is limited to the particular processing operation(s) that she actually determines.
3. Where the website operator embeds a plugin that can enable the website-visitor’s browser to request content from the provider of that plugin and, to that end, to transmit personal data to the provider of the plugin, each actor (the website operator and the provider) must pursue a legitimate interest via the particular processing operations that are codetermined.
4. Where the website operator embeds a plugin that can enable the website-visitor’s browser to request content from the provider of that plugin and, to that end, to transmit personal data to the provider of the plugin, it is the website operator who is bound by the duties to obtain consent and to inform the data subject –regarding the processing operation(s) that that website operator actually determines.

Keywords: Fashion ID, Facebook, joint controllership, like button