Facebook disputes study saying it might violate European security laws
Apr 1, 2015, 04:12 IST
Facebook is keeping tabs all of its users and tracking which websites they visit - even those that chose to opt out of tracking, according to a new report.These practices, according to privacy experts, may violate EU privacy laws. This report comes from the Centre of Interdisciplinary Law and ICT (ICRI) and the Computer Security and Industrial Cryptography department (Cosic) at the University of Leuven in Belgium, and the media, information, and telecommunication department (Smit) at Vrije Universiteit Brussels. This follows an earlier project that also looked into Facebook's potentially illegal user tracking practices.The brunt of the allegations lie in Facebook's use of cookie tracking. According to the report, Facebook plants digital cookies - a digital file companies use to track where its users surf online - on people's computers even if they signed up to not be tracked. The Guardian explains:These cookies can last as long as two years on a computer. Additionally, these cookies were planted into users' browsers from third-party websites including mtv.com, okcupid.com, and myspace.com. Perhaps most jarring was what happened when users tried to opt out of tracking. The researchers visited the European Interactive Digital Advertising Alliance's (EDAA) website for EU citizens that want to opt out of digital tracking. After electing to opt-out of cookie tracking, they found a new cookie from Facebook in their machine. The report writes, "all the later visits to pages that include Facebook social plug-ins can be linked by Facebook using this cookie which has a lifespan of two years." In short, even if you try your hardest to not be digitally tracked, your attempts will be in vain.This opt-out cookie, however, appears to only be delivered to EU users. The report found no instances of this sort of tracking for US or Canadian users.At the heart of this issue is whether or not it's legal in the European Union. EU privacy laws are very strict, and require explicit consent in order for websites to deliver cookies to users. "As far as nonusers are concerned, Facebook really has no legal basis whatsoever to justify its current tracking practices," said researcher Brendan Van Alsenoy to the Guardian.But Facebook strongly disagreed. In regards to the opt-out cookie, called "datr," Facebook told Business Insider, "The purpose of the datr cookie is to identify the web browser being used to connect to Facebook independently of the logged in user. This cookie plays a key role in Facebook's security and site integrity features." The spokesperson added that "no advertising related queries are served to the impression data collected from social plug-ins on websites."In reference to the report as a whole the spokesperson said, "Virtually all websites, including Facebook, legally use cookies to offer their services. Cookies have been an industry standard for more than 15 years. If people want to opt out of seeing advertising based on the websites they visit and apps they use, they opt out through the EDAA, whose principles and opt out we and more than 100 other companies comply with. Facebook takes this commitment one step further: when you use the EDAA opt out, we opt you out on all devices you use and you won't see ads based on the websites and apps you use."The authors of the study told the Guardian they were not contacted by Facebook.