Pando

Researchers claim Facebook breaks EU anti-tracking laws (again)

By Nathaniel Mott , written on March 31, 2015

From The News Desk

Research commissioned by Belgium's data protection agency has found that Facebook runs afoul of European Union laws by tracking consumers without their consent and regardless of whether or not they have a Facebook account.

The Guardian reports that Facebook also monitors consumers even if they've explicitly told the company they do not want their Web browsing to be tracked.

The company is therefore accused of violating data privacy laws so it can better inform its advertising business.

Brendan Van Alsenoy, one of the authors of the report, says that Facebook's activities clearly break European laws:

European legislation is really quite clear on this point. To be legally valid, an individual’s consent towards online behavioural advertising must be opt-in. Facebook cannot rely on users’ inaction (ie not opting out through a third-party website) to infer consent. As far as non-users are concerned, Facebook really has no legal basis whatsoever to justify its current tracking practices.
And Günes Acar, another of the report's authors, told the Guardian that Facebook is deliberately tracking consumers who use its opt-out mechanism:
If people who are not being tracked by Facebook use the ‘opt out’ mechanism proposed for the EU, Facebook places a long-term, uniquely identifying cookie, which can be used to track them for the next two years. What’s more, we found that Facebook does not place any long-term identifying cookie on the opt-out sites suggested by Facebook for US and Canadian users.
This isn't the first time Facebook's practices have been questioned. It isn't even the first time a report commissioned by a Belgian agency has condemned the company's for-profit surveillance. As another report explained in February:
Facebook’s terms do not properly acknowledge the data subject rights of its users. While mention is made of certain (limited) access rights and opt-out mechanisms, Facebook does not appear to give effect to data subject rights. For example, deleting one’s profile is an 'all-or-nothing' exercise and only relates to 'things you have posted, such as your photos and status updates'. Though users have some options to control the visibility of their information within their networks, they are not able to prevent Facebook from further using this information for its purposes.
After that first report was published, Facebook attempted to convince Belgium privacy minister Bart Tommelein that its practices didn't break any laws. The Independent reported that Facebook believed Belgium's criticisms were based on "misunderstandings" about the company's actions and terms of service.

It seems, however, that neither Tommelein nor independent researchers inside Belgium were convinced by Facebook's arguments.

[illustration by Brad Jonas]