Over the years, Facebook and privacy haven’t exactly gelled together. Just look at its apology for its much-maligned Beacon feature, which sent out alerts that detailed people’s online purchases. Now, Facebook is in hot water yet again after a recent report accused the social network of extending its Internet tracking activities to those who are not even Facebook users.
The report comes to us courtesy of research from the Vrije Universiteit Brussel and the University of Leuven’s Centre of Interdisciplinary Law and ICT, Facebook’s Internet tracking activities extend even to those who have not signed up to their service.
Facebook could be violating European law
European law, as stated in E-Privacy Directive, requires social networks to obtain the consent of users before placing tracking cookies in their computers. The report reveals that Facebook, which rolled out new policies and terms last January, tracks all Internet users, even when they have no Facebook accounts or have logged out.
According to The Guardian, the company does this through the “Like” button that has been placed in more than 13 million websites across the Internet. Even if a user does not use the “Like” button, it detects the person’s Internet activity and sends it back to Facebook.
“Most of Facebook’s ‘new’ policies and terms are simply old practices made more explicit. Our analysis indicates, however, that Facebook is acting in violation of European law,” the universities’ report reads.
Aside from improper tracking, which Facebook performs for advertising purposes, the company is said to also be in violation for other aspects of its service. “Facebook places too much burden on its users. Users are expected to navigate Facebook’s complex web of settings (which include “Privacy”, “Apps”, “Adds”, “Followers”, etc.) in search of possible opt-outs. Moreover, users are offered no choice whatsoever with regard to their appearance in “Sponsored Stories” or the sharing of location data.”
“The authors have never contacted us”
Facebook is denying the findings in the report, saying it contains “factual inaccuracies.”
“The authors have never contacted us, nor sought to clarify any assumptions upon which their report is based. Neither did they invite our comment on the report before making it public,” a spokesperson for the company told The Independent.
“We have explained in detail the inaccuracies in the earlier draft report (after it was published) directly to the Belgian DPA, who we understand commissioned it, and have offered to meet with them to explain why it is incorrect, but they have declined to meet or engage with us. However, we remain willing to engage with them and hope they will be prepared to update their work in due course.”
The report, which was commissioned by the Belgian Privacy Commission, is meant to aid the agency in its investigation of Facebook’s revised policies and terms. The report comes a week after Austrian Facebook user Maximilian Schrems’ lawsuit against the Data Protection Commission was elevated to the EU’s highest court. For the case, Schrems obtained 211 pages of material from Facebook.