I’m operating a website within the EU and nowadays there’s no way without those social buttons all around (according to “them” “up there”).

Recently there’s a concern about the legality of this in the EU, notably the collection of user information sent to the US servers without explicit user consent.

There was a German report on golem.de, along with advice from a lawyer (sorry, German only) that it would be sufficient if the integrated like button would not automatically trigger an interaction with the US server per se, but only with user consent, i.e. manual interaction such as the click.

We currently use the official method of inclusion along with subscribing to the edge.create event to get some sense of its usage. But unfortunately this works by loading an iframe with content from Facebook, thus immediately sending data about the user without his consent, without him even clicking on it. I seek a way to avoid that.

Idea: Show a local image with a local href which starts loading the Facebook stuff only when user actually clicks on it.

The problems as I see them:

1. The user clicks on my DOM element and now I’d need to act like the real FB button was pressed, but how can I do that, since the real button isn’t there? If I load the button, the user would see a second one, need to click again, etc. I’d need to load if off screen, fake the click, etc. Complicated and confusing.
2. The counter next to the likes would be missing. I’d need to find a way to get that information for the current URL (e.g. server side), smartly cache that data, and still be able to show that to the user. I have no idea where I would get that data.

Being within EU or not, law or not, since I started only recently looking into this (because my job demanded it), it got me the creeps when I realized how it really works. I’m a web paranoid, can’t believe I’m alone.

Any ideas how to tackle the above problems?