Facebook ‘breaks EU laws’ tracking all visitors, even non-users – report

Reuters/Eric Thayer
Even if you have opted out of the tracking option in Facebook, or don’t have account at all, the company is still watching your web movements through the use of social plugins, thereby breaking EU laws, says a report by the Belgian Privacy Commission.

Areportcommissioned by the BPC has discovered that Facebook tracks everyone, even logged-out users or people who don’t have an account at all, primarily through the use of cookies and the ‘like’ button which is found on more than 13 million websites worldwide.

According to EU law, websites must receive a user’s permission before placing any cookies on their computers. The automatic placement of tracking cookies is in “violation of European law,” that is why all EU websites ask users to ‘allow cookies’ on the first visit.

By default Facebook installs tracking cookies – tiny files containing user’s settings and previous activity – upon a visit to any page on the facebook.com domain, which translates into tracking users for advertising purposes across non-Facebook websites.

However, as the report found, for non-users or those who opted out, Facebook instead installed a special cookie called ‘datr’ which still contains a unique identifier and thus could be used to track user during every visit to a website containing a Facebook ‘like’ button.

Facebook disputed the conclusions of the report, claiming it “contains factual inaccuracies,” according to an emailed statement to the Guardian. “The authors have never contacted us, nor sought to clarify any assumptions upon which their report is based,” the statement said.

Facebook allegedly “explained in detail” inaccuracies in the earlier draft report after it was published directly to the Belgian DPA. The Silicon Valley giant even offered to meet the authors of the report to explain why their conclusions were “incorrect.”

READ MORE: 25,000 angry users: Facebook privacy class action lawsuit to be heard by European court

The use of cookies for logged-out accounts is a standard and lawful practice that has been used for years, the company says. Facebook argues that the use of 'datr' to identify and disable accounts if needed and provide extra security features.

“We collect information when you visit or use third-party websites and apps that use our services. This includes information about the websites and apps you visit, your use of our services on those websites and apps, as well as information the developer or publisher of the app or website provides to you or us,” Facebook's data usage policy says after the company rolled out its new policies and terms on January 30th, 2015.

The company remains confident that its updated policies comply with EU regulations, the spokeswoman said, adding that the giant is routinely working with its EU regulator, the Irish Data Protection Commissioner (DPC).

However, the new policies, are now under the investigation of the Belgian, Dutch and a German privacy authority. The report will be taken into account by the three authorities, a spokeswoman for the Belgian Privacy Commission said, adding that it was too early to draw any conclusions.