Sharing needs to be learned – privacy-compliant implementation of social share buttons

Table of Contents

We often come across interesting or funny posts, articles, videos, or pictures on the internet that we don't want to keep to ourselves and happily share with our friends via social media channels. But is sharing the content using the Share Button really compliant with data protection laws?

The first anniversary of the introduction of the General Data Protection Regulation (GDPR) is approaching quickly, and websites have been updated. Cookie consent banners and tracking information have become part of our daily lives, often appearing in the middle of the page, covering relevant content, and just being perceived as annoying. Users quickly click anything to make the desired information visible again.

But how has user behavior actually developed since the GDPR?

Are you now more careful about which content you share via social media sites?

Have you noticed that when filling out forms, you now have to check many more checkboxes, and that you receive emails with long paragraphs about data protection policies from the e-commerce shops of your choice?

The GDPR has strongly influenced the guidelines for social media in the EU. A point that remains very important is the social share buttons on websites. Here, website operators also share a significant responsibility. As has often been observed in the past, social media platforms like Facebook do not handle personal data responsibly. Therefore, it is crucial for website operators to take action.

The following important parameters need to be clarified:

• Is the integration of social buttons harmless?

• What is behind it?

• Is implementation on my website allowed from a data protection perspective?

We will try to answer and clarify all these questions. We will show you how you can integrate a share function on your website without hesitation.

Sharing is Fun

The ability to share media content via digital channels is essentially part of the standard equipment of a blog or website. The key to spreading this content is social media channels, with Facebook, Twitter, and WhatsApp leading the way. Sharing articles or pictures takes very little effort. Generally, pressing a button is all it takes to increase the reach. But what processes are actually behind it, and how can such a button be integrated into the website?

Share Button: Integration in WordPress or other CMS

The integration of social share functionality via WordPress or another content management system is quickly accomplished, with various options and functions available. For example, you have the option to implement a counter (a web application for counting clicks on the website). Alternatively, they can be integrated as a fixed bar on the page. The plugins offer many different options that can be integrated into the website's layout.

[caption id="attachment_18952" align="aligncenter" width="540"]

Fig. 1: Different Design Options | Source: c’t Shariff[/caption]

As a website operator, you not only have a responsibility for the website content but also for the technical functions. You should ensure that the integrations comply with data protection laws. Despite strict GDPR regulations, many plugins or extensions that promise easy installation do not yet meet these requirements.

This Issue Lies Behind the Colorful Share Buttons

One should pay close attention to which extensions are implemented on one's website. When it comes to social media buttons, problems often arise where the browser sends personal data like IP address, cookies, and other information to social services. Even when the user has not used the share function.

This is often because some buttons are embedded as iFrames and therefore do not reside on the website itself, subsequently sending data to third parties.

Furthermore, personal data of the user are disclosed when they are on websites while already logged into Facebook, Instagram, and others, thus providing social services with more information about the user.

Currently, the question remains open whether social media services, website users, or website operators should be held accountable. A legal decision is still pending.

Solution for Data Protection-Compliant Social Share Integrations

You're probably wondering how you can integrate a share button compliantly on your website? The following solutions are possible.

Two-Click Solution

The Two-Click Solution, although outdated, was established on many websites for a while. After the GDPR, this method for using social share buttons has become popular again.

In this case, social share buttons are only activated on the first click. Before this activation, no data exchange has taken place. Only when the user checks the box or activates the slider can sharing occur. Thus, two clicks are necessary to share a post. This procedure is intended to consciously remind users that data exchange only occurs when actively allowed.

Fig. 2: Graphical Two-Click Solution

Integration with the Plugin Shariff

Shariff is of German origin and is one of many plugins that enable data protection-compliant sharing and liking. Heise Medien GmbH publishing group released the Shariff solution as early as 2014 and has continuously further developed it since then. Many content management systems offer Shariff as a plugin/module or extension. Shariff thus represents an attractive solution alongside the Two-Click Solution.

It is important that users only come into contact with social networks when they become active. The communication with the social networks is controlled by a special script and acts as an intermediary between the social channel and the user on the site.

Social Plugins After the GDPR

Since May 25, 2018, dealing with personal data has become even more sensitive and continues to be scrutinized. It is advisable to carefully check if sensitive data is shared when using social plugins. This includes names and email addresses, and can even involve IP addresses, so it should be checked to what extent data protection is adhered to or if adjustments are necessary. The GDPR has tightened the reins on social media. To provide your users with a data protection-compliant website, you should take a critical look at proper implementation.

We do not offer legally binding advice here, but merely provide recommendations. For legally binding statements regarding the implementation of the GDPR, we recommend contacting data protection officers and specialist media law attorneys. You can find more info about GDPR and email marketing on our blog.

What Can We Do for You?

If you would like to integrate data protection-compliant social share buttons on your website, contact us. We are happy to assist you with advice.

Did you enjoy the blog? Recommend it now!

Facebook

Twitter

Telegram

LinkedIn

Envelope

Whatsapp

AUTHOR