Facebook ‘breaks EU laws’ tracking all visitors, even non-users – report
According to EU law, websites must receive a user’s permission before placing any cookies on their computers. The automatic placement of tracking cookies is in “violation of European law,” that is why all EU websites ask users to ‘allow cookies’ on the first visit.
By default Facebook installs tracking cookies – tiny files containing user’s settings and previous activity – upon a visit to any page on the facebook.com domain, which translates into tracking users for advertising purposes across non-Facebook websites.
However, as the report found, for non-users or those who opted out, Facebook instead installed a special cookie called ‘datr’ which still contains a unique identifier and thus could be used to track user during every visit to a website containing a Facebook ‘like’ button.
Facebook disputed the conclusions of the report, claiming it “contains factual inaccuracies,” according to an emailed statement to the Guardian. “The authors have never contacted us, nor sought to clarify any assumptions upon which their report is based,” the statement said.
Facebook allegedly “explained in detail” inaccuracies in the earlier draft report after it was published directly to the Belgian DPA. The Silicon Valley giant even offered to meet the authors of the report to explain why their conclusions were “incorrect.”
“We collect information when you visit or use third-party websites and apps that use our services. This includes information about the websites and apps you visit, your use of our services on those websites and apps, as well as information the developer or publisher of the app or website provides to you or us,” Facebook's data usage policy says after the company rolled out its new policies and terms on January 30th, 2015.
The company remains confident that its updated policies comply with EU regulations, the spokeswoman said, adding that the giant is routinely working with its EU regulator, the Irish Data Protection Commissioner (DPC).
However, the new policies, are now under the investigation of the Belgian, Dutch and a German privacy authority. The report will be taken into account by the three authorities, a spokeswoman for the Belgian Privacy Commission said, adding that it was too early to draw any conclusions.