Facebook admits tracking non-users due to 'bug', but disputes Belgian privacy report
With a potential European class action looming over its role in US surveillance, Facebook has this week disputed claims contained a Belgian privacy report that it violated European privacy laws. However, the company admitted it had collected data from non-Facebook users via websites embedded with its Like button, but says it was a bug.
The company this week responded to the final version of a report commissioned by the Belgian Privacy Commission, which looked into an update Facebook made to its data use policy last year. It claimed that Facebook's tracking methods and contract terms violated European law, while its opt-out mechanism for behavioural advertising didn't allow users to provide legally valid consent.
Facebook's initially responded by saying the report contained "factual inaccuracies" and that the researchers never contacted it to discuss the claims. It also said its efforts to reach out to the Belgian data protection authority to discuss the inaccuracies were knocked back, but maintained it was confident the policy update complied with EU law.
Until this week, however, it hadn't explained what those inaccuracies were. It's now listed some of them in a bid to "set the record straight".
"The report gets it wrong multiple times in asserting how Facebook uses information to provide our service to more than a billion people around the world," Facebook's vice president of policy for Europe Richard Allan said on the site this week.
One of the more contentious claims in the report was that Facebook used its Like button - embedded on third party sites - to track everyone on the web, even if they were not users of the social network. According to the report, this was made possible through a special cookie called 'datr' reserved for non-users.
According to Facebook what the researchers found was actually a bug.
"Our practice is not to place cookies on the browsers of people who have visited sites with Social Plugins but who have never visited Facebook.com to sign up for an account," said Allan.
"The authors identified a few instances when cookies may have been placed, and we began to address those inadvertent cases as soon as they were brought to our attention."
The company also claims that it actually does respect people's choice to opt out of behavioural ads, that it does offer a way to opt out of social ads and respects opt-out decisions across all devices. The researchers claimed that opt-outs for Facebook's 'Sponsored Stories' was not available.
"If someone opts out, we no longer use information about the websites and apps that person uses off Facebook to target ads to them," said Allan.
"People can opt out of seeing ads on Facebook that are based on the websites and apps they use off Facebook through the industry-standard Digital Advertising Alliance opt out, the European Interactive Digital Advertising Alliance opt out or the Digital Advertising Alliance of Canada opt out. Here, they can opt out of these ads from Facebook and from more than a hundred other companies. People can also opt out using their phone settings," Allan added.
"Facebook honors this choice on any device where you use Facebook, whether it's your phone, tablet, or desktop. When you opt out, Facebook no longer shows you these types of ads, but it also means Facebook does not add this information to the interest lists we use to decide what ads to show you.
"Facebook does receive standard "web impressions," or website visit information, when people visit sites with our plugins or other integrations. The authors misleadingly call this "tracking." Unlike many companies, we explain how we will use this information and the controls we honor and offer. And, we apply the choices people make before using information for behavioral ads."
Read more on this story