CookieLaw Blog June 15, 2011

Facebook ‘Like’ and Other Social Buttons

There must be hundreds of thousands of websites that have the Facebook ‘Like’ button on them.  If not more.  Probably Facebook could tell us if they wanted.

It has been a very successful way of promoting a website, and it’s an easy way to get on the ‘social web’ bandwagon, so it’s not surprising it’s so popular.

However what most of those website owners won’t realise is that this button may cause them to fall foul of the Cookie Regulations.

We have nothing against Facebook. While it is probably not the only social media button that is going to cause compliance problems, it is one of the most popular, so worth an examination as an example of the issue.

The Like button uses an ‘iframe’ – a way of embedding one web page inside another one.

If you have never visited Facebook, and come across one of these buttons and decide to click on it, a pop-up appears asking you to login to Facebook.

Even if you don’t login but close the window, Facebook has put a cookie on your machine.  This means Facebook is not compliant with the regulations (unsurprisingly), but is not yet a problem for the originating website, because a pop-up is obviously a new site, and therefore it’s Facebook’s responsibility.

However, if that visitor is already logged into Facebook, and therefore has Facebook cookies on their machine, and then visits the site with the Like button, then an exchange of cookies will take place between the machine and Facebook via the Like button, especially if the visitor clicks on it.

The website with the Like button has no control over this – the browser thinks it is dealing with Facebook.

However, under the regulations, because the visitor is not visibly ‘on’ Facebook at that time, it is the visible website that is responsible for compliance.

All of which means, by one interpretation, that until Facebook complies with the cookie regulations, any website that carries the ‘Like’ button, will be in breach themselves.

Those that do realise this will have to make a choice between being compliant, and engaging in a major component of the social web.

Which choice would you make?

Recent Posts


January 13, 2017
Future of EU Cookie Compliance Webinar: ...

GDPR and now the proposed E-Privacy Regulation mean a stricter regime for cookie compliance, web governance and use of online tracking technologies. Join p...

View Article
Recent blog thumbnail
December 14, 2016
Draft EU ePrivacy Regulation Leaked...

A draft of the proposed legislation to replace the outdated EU ePrivacy Directive was leaked on the Politico.eu (PDF) website this week. The proposal is fo...

View Article
Recent blog thumbnail
November 3, 2016
GDPR Compliance Means Cookie Notices Mus...

Are you one of those people that ticked the cookie law box ages ago and not thought about it since? Well the game has changed and now is the time to re-vis...

View Article
Recent blog thumbnail
September 21, 2016
Optanon Acquired by OneTrust...

We are pleased to announce that Optanon, along with parent company Governor Technology, has been acquired by OneTrust....

View Article

Be in the Know

Subscribe to our newsletter