Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Facebook tracks all site vistors, violating EU law, report says

Loek Essers | April 1, 2015
Facebook slammed the report, claiming it contains factual inaccuracies.

The problem with these practices is that the cookies are placed without consent, which under EU law is only allowed if there is a strict necessity to do so. Facebook maintains that the "datr" cookie plays a key role in Facebook's security and site integrity features. However, given that the "datr" cookie is used in the EU when someone tries to opt out of ad targeting, but isn't used in U.S. and Canada in similar circumstances, it's hard to believe that the cookie is strictly necessary for site security, Van Alsenoy said.

People who want an easy way to protect themselves against ad tracking can use browser add-ons such as Privacy Badger, Ghostery and Disconnect, which block tracking, researchers said.

Meanwhile, Facebook slammed the findings. "This report contains factual inaccuracies," said a Facebook spokeswoman in an emailed statement, adding that the inaccuracies in the report were explained in detail to the Belgian Privacy Commission after the report's earlier draft was published.

According to the company, the use of cookies for logged-out accounts is a standard, acceptable and lawful practice that has been actively used by Facebook and many other websites for years. Facebook said it uses these cookies to, for example, identify and disable accounts of spammers, recover account information and provide extra security features like login notifications and login approvals. Facebook also uses them to deliver, select, evaluate, measure and understand the ads served on and off Facebook, including ads served by or on behalf of its affiliates or partners, it said.

Cookies are also set for non-Facebook users who have visited facebook.com, to help protect Facebook Services and the people who use it from malicious activity, the company said. They can help detect and prevent denial-of-service attacks and the mass creation of fake accounts, it added.

Facebook is confident that its updated policies comply with EU law, the spokeswoman said, adding that it routinely reviews product and policy updates with its EU regulator, the Irish Data Protection Commissioner (DPC).

Facebook will have to deal with other, national privacy authorities though. The Belgian, Dutch and a German privacy authority have all started investigations into Facebook's policy changes and the three countries in February formed a task force to examine how the policy might violate EU privacy laws.

The researcher's report will be taken into account by the three authorities, a spokeswoman for the Belgian Privacy Commission said, adding that it was too early to draw any conclusions. The Commission hopes that if it turns out that Facebook has violated the law, it can come to a friendly agreement, but if that turns out to be impossible, Facebook could also be sued as an extreme measure, the spokeswoman said.

 

Previous Page  1  2 

Sign up for CIO Asia eNewsletters.