Facebook ‘Like’ and Other Social Buttons

There must be hundreds of thousands of websites that have the Facebook ‘Like’ button on them.  If not more.  Probably Facebook could tell us if they wanted.

It has been a very successful way of promoting a website, and it’s an easy way to get on the ‘social web’ bandwagon, so it’s not surprising it’s so popular.

However what most of those website owners won’t realise is that this button may cause them to fall foul of the Cookie Regulations.

We have nothing against Facebook. While it is probably not the only social media button that is going to cause compliance problems, it is one of the most popular, so worth an examination as an example of the issue.

The Like button uses an ‘iframe’ – a way of embedding one web page inside another one.

If you have never visited Facebook, and come across one of these buttons and decide to click on it, a pop-up appears asking you to login to Facebook.

Even if you don’t login but close the window, Facebook has put a cookie on your machine.  This means Facebook is not compliant with the regulations (unsurprisingly), but is not yet a problem for the originating website, because a pop-up is obviously a new site, and therefore it’s Facebook’s responsibility.

However, if that visitor is already logged into Facebook, and therefore has Facebook cookies on their machine, and then visits the site with the Like button, then an exchange of cookies will take place between the machine and Facebook via the Like button, especially if the visitor clicks on it.

The website with the Like button has no control over this – the browser thinks it is dealing with Facebook.

However, under the regulations, because the visitor is not visibly ‘on’ Facebook at that time, it is the visible website that is responsible for compliance.

All of which means, by one interpretation, that until Facebook complies with the cookie regulations, any website that carries the ‘Like’ button, will be in breach themselves.

Those that do realise this will have to make a choice between being compliant, and engaging in a major component of the social web.

Which choice would you make?