Site   Web

June 17, 2015

Is Facebook Gathering Personal Data Without Consent?

Facebook is a transcendent and dominating force all across the planet. The social media platform has pushed its way into virtually every crack and crevasse of the digital world. The colossal platform is not only the most prevalent of the social media destinations but also has some of the most popular apps on earth and plugins on 13 million different sites across the web, including government agencies.

It seems as if every year Facebook comes under fire for new allegations of invading the privacy of its users or for questionable practices as to how private information is handled and utilized.

Unfortunately, 2015 is no different as reports begin to surface that Facebook’s privacy policy violates European consumer protection laws. As is turns out, Facebook tracks the web browsing of every person who visits either Facebook, or a page that simply has a Facebook plugin (such as Like buttons) regardless of whether the user is logged into Facebook or even has a Facebook account. This is done through installing cookies on devices without a user’s knowledge or permission.

For those that are not familiar with the term, cookies are small files installed on to computers by websites. These files store settings, activities, and other bits of information deemed “necessary”. These are then sent to the websites with each visit which ultimately allow a site to identify specific computers and track that device’s movement across the internet.

The Belgian Privacy Commission recruited researchers from the Centre of Interdisciplinary Law and ICT (ICRI) and the Computer Security and Industrial Cryptography department (Cosic) at the University of Leuven, and the media, information and telecommunication department (Smit) at Vrije Universiteit Brussels to determine how Facebook processes the information collected of those who have Facebook accounts, non-users, and those who have opted-out of tracking in the EU.

The original draft report did confirm that Facebook’s privacy policy is in breach of European law by tracking EU users’ information without consent.

The Belgian Privacy Commission has come out on the matter as stating, “Facebook ‘processes’ the personal data of its members, users as well as of all internet users who come into contact with Facebook. Facebook does this secretively: no consent is asked for this ‘tracking and tracing’ and the use of cookies. No targeted information is provided. The available information is vague and authorizes just about anything.” The Commission later went on to state that the results of the study are “disconcerting” and that “Facebook disregards European and Belgian privacy legislation in several ways”.

To make matters worse, Facebook has not only been secretively tracking those who come into contact with anything Facebook-owned on the web, but Facebook has been placing new cookies on computers of those who opt-out and have never been tracked before.

Co-author to the report, Gűnes Acar of Cosic, was quoted as saying “If people who are not being tracked by Facebook use the ‘opt out’ mechanism proposed for the EU, Facebook places a long-term, uniquely identifying cookie, which can be used to track them for the next two years.” He added “What’s more, we found that Facebook does not place any long-term identifying cookie on the opt-out sites suggested by Facebook for US and Canadian users.”

These findings were ultimately corroborated by an unrelated study conducted by Steven Englehardt from Princeton University’s department of computer science. “I started with a fresh browsing session and received an additional ‘datr’ cookie that appears capable of uniquely identifying users on the UK version of the European opt-out site. This cookie was not present during repeat tests with a fresh session on the US or Canadian version.”

Due to these allegations, Facebook has spoken out in defense, stating that, “This report contains factual inaccuracies. The authors have never contacted us, nor sought to clarify any assumptions upon which their report is based. Neither did they invite our comment on the report before making it public. We have explained in detail the inaccuracies in the earlier draft report (after it was published) directly to the Belgian DPA, who we understand commissioned it, and have offered to meet with them to explain why it is incorrect, but they have declined to meet or engage with us. However, we remain willing to engage with them and hope they will be prepared to update their work in due course.”

“Earlier this year we updated our terms and policies to make them more clear and concise, to reflect new product features and to highlight how we’re expanding people’s control over advertising. We’re confident the updates comply with applicable laws including EU law.”

The authors of the study, Brendan Van Alsenoy and Gűnes Acar, refute this claim through a quote to The Guardian in which the authors state, “We welcome comments via the contact email address listed within the report. Several people have already reached out to provide suggestions and ideas, which we really appreciate.”

“To date, we have not been contacted by Facebook directly nor have we received any meeting request. We’re not surprised that Facebook holds a different opinion as to what European data protection laws require. But if Facebook feels today’s releases contain factual errors, we’re happy to receive any specific remarks it would like to make.”

Regardless of which side is correct on the matter of “factual inaccuracies”, Facebook does not get the benefit of the doubt here. It has an abysmal track record on privacy, with news headlines about how this online company was conducting business in secretive and destructive ways.

Whatever the case may be, all of Europe has a close watch on Facebook and this will not be the last we hear of this incognito invasion of privacy.

Do you believe that Facebook will ultimately have to atone for their digital sins? What kind of backlash do you believe this will bring down upon the company, if any?


Digital producer, online marketer, community manager, and multi-faceted writer Tina Courtney-Brown has been managing cross-functional teams for online businesses since 1996. Tina has assisted many clients in maximizing online production and marketing efforts, and is a staff writer for SiteProNews, one of the Web’s foremost webmaster and tech news blogs. She’s produced and marketed innovative content for major players like Disney and JDate, as well as boutique startups galore, with fortes including social media, SEO, massively multiplayer games, community management, social networks, and project management. Tina is also a certified Reiki practitioner, herbalist, nonprofit director and spiritual counselor. Learn more at her personal website, or find her on Facebook and Google+.