Sunday

23rd Feb 2020

Facebook tracking said to breach EU law

  • Researchers say Facebook should design its social plug-ins in way which are privacy-friendly by default (Photo: Franco Bouly)

Facebook is tracking users, both on and offline, contravening EU privacy rules, according to a report.

Compiled by researchers for the Belgian Privacy Commission, the report says the social media giant places cookies whenever someone visits a webpage belonging to the facebook.com domain, even if the visitor is not a Facebook user.

Read and decide

Join EUobserver today

Support quality EU news

Get instant access to all articles — and 20 years of archives. 14-day free trial.

... or join as a group

A cookie is a small file placed onto a computer by a browser and contains information that can be used to track and identify users.

People without Facebook accounts are not spared.

The 67-page report, first published in late February and then again with updated chapters on Tuesday (31 March), notes that “Facebook tracking is not limited to Facebook users.”

Facebook places a so-called “datre” cookie, which contains a unique identifier, onto the browsers of people in Europe who have no Facebook account. The cookie takes two years to expire.

A probe into Facebook by Ireland’s data protection commission in 2011 noted that the “datre” cookie is “used for security, among other purposes”. Ireland’s data commission at the time recommended Facebook to shorten the cookie’s 2-year lifespan.

Meanwhile, Facebook does not place any long term identifying cookie on the opt- out sites suggested by Facebook to US and Canadian users.

As for users, Facebook tracks them across websites even if they are not logged in or use social plugins.

Social plugins include Google+ “+1”, Linkedin “in share”, and Facebook’s “Like Button”. The Facebook Like button is present on some 13 million sites, including health and government websites.

Facebook’s policy says it still receives data when people visit a website “with the Like button or another social plugin”, even if they are logged out or don’t have an account.

Researchers say this violates the EU’s e-Privacy Directive because cookies placed via social plugins require prior consent unless it is needed to connect to the service network or is specifically requested by the user or subscriber to obtain a service.

Brendan Van Alsenoy, a researcher at ICRI and one of the report’s authors, told the Guardian that “to be legally valid, an individual’s consent towards online behavioural advertising must be opt-in.”

Facebook default setting also means it is able to tracks users for advertising purposes across non-Facebook websites.

“Even if the user takes the additional step to opt out, he or she will still be tracked by Facebook, but Facebook promises it won’t use the information for ad targeting purposes,” notes the report.

Facebook, for its part, says the report's authors had "declined to meet with us or clarify the inaccurate information about this and other topics".

A spokesperson at Facebook in an email said virtually all websites, including Facebook, legally use cookies to offer their services.

"If people want to opt out of seeing advertising based on the websites they visit and apps they use, they opt out through the EDAA, whose principles and opt out we and more than 100 other companies comply with," said the contact.

Facebook says it takes this commitment one step further.

"When you use the EDAA opt out, we opt you out on all devices you use and you won’t see ads based on the websites and apps you use," said the spokesperson.

EU-US data pact skewered in court hearing

A lawyer for the European Commission told an EU judge on Tuesday he should close his Facebook page if he wants to stop the US snooping on him.

Insight

How big is Germany's far-right problem?

The Hanau shooting was a national wake-up call to the scale of far-right extremism in Germany, from violent individuals to political hate speech.

Exclusive

Balkan spies 'feed' EU's police database via Czechs

Western Balkan secret services have handed over more the 250 alerts on suspected foreign terrorist fighters since last summer - fed into the EU's police database by the Czech Republic, according to a confidential document seen by EUobserver.

News in Brief

  1. Bulgarian PM investigated over 'money laundering'
  2. Greenpeace breaks into French nuclear plant
  3. Germany increases police presence after shootings
  4. NGO: US and EU 'watering-down' tax reform prior to G20
  5. Iran: parliamentary elections, conservatives likely to win
  6. Belgian CEOs raise alarm on political crisis
  7. Germans voice anger on rise of far-right terrorism
  8. EU leaders' budget summit drags on overnight

Polish 'LGBTI-free zones' not ok, says EU commission

The European Commissioner for equality Helena Dalli has said the distribution of 'LGBTI-free zones' stickers or the adoption of anti-LGBTI resolutions cannot be allowed. Some 86 towns in Poland have so far declared themselves 'LGBTI-free zones'.

Stakeholders' Highlights

  1. Nordic Council of MinistersScottish parliament seeks closer collaboration with the Nordic Council
  2. UNESDAFrom Linear to Circular – check out UNESDA's new blog
  3. Nordic Council of Ministers40 years of experience have proven its point: Sustainable financing actually works
  4. Nordic Council of MinistersNordic and Baltic ministers paving the way for 5G in the region
  5. Nordic Council of MinistersEarmarked paternity leave – an effective way to change norms
  6. Nordic Council of MinistersNordic Climate Action Weeks in December

Latest News

  1. No breakthrough at EU budget summit
  2. EU leaders struggling to break budget deadlock
  3. German ex-commissioner Oettinger lands Orban job
  4. How big is Germany's far-right problem?
  5. Plastic and carbon proposals to help plug Brexit budget gap
  6. Sassoli repeats EU budget rejection warning
  7. Why Miroslav Lajčák is the wrong choice for EU envoy
  8. Unhappy EU leaders begin budget haggle

Join EUobserver

Support quality EU news

Join us