If you’ve got Facebook ‘like’ functionality on your website then you could be held responsible for any misuse of user data by the social media giant.

The court of Justice of the European Union made this judgment as part of an ongoing action brought by a German consumer rights group called Verbraucherzentrale NRW against German clothing etailer Fashion ID. It turns out that merely having the ‘like’ button embedded on your site results in personal data being automatically transferred to Facebook for it to use in whatever way it chooses, without the consent or even knowledge of the exploited punter.

Sifting through the legalese it looks like the court has concluded that Fashion ID is responsible for the user data it passes on to Facebook since the only reason it embedded the button in the first place is the commercial benefit it gets from people sharing its stuff on social media. This, in turn, means it must be subject to certain data protection obligations such as at least telling visitors to its site what they’re letting themselves in for.

While the case itself is relatively niche and arcane, it could represent the thin end of the wedge when it comes to data protection and consumer rights online in general. The internet is awash with contraptions, such as cookies, designed to track your every move and feed that data into the cyber hive-mind, all the better to work out how best to entice you into spending cash on stuff you didn’t even know you wanted.

Having said that it could be the case that, since Cambridge Analytica, the internet has already got the memo, as those ‘like’ buttons seem to be much less common than they were a few years ago. High profile fines for Facebook and violators of GDPR rules probably mean that website owners have become wary of just embedding any old third party rubbish onto their sites and rulings such as this should serve as a warning not slip back into bad habits.