Facebook admits tracking non-account users

11 Apr 2015

Facebook has admitted to tracking users who did not have an account with the social network, but said that the tracking only happened due to a bug that was now being fixed.

Slamming the report commissioned by the Belgian data protection authority, which found found Facebook in breach of European data privacy laws, the social network said the report ''gets it wrong multiple times in asserting how Facebook uses information''.

''The researchers did find a bug that may have sent cookies to some people when they weren't on Facebook. This was not our intention - a fix for this is already under way,'' wrote Richard Allan, Facebook's vice president of policy for Europe in a rebuttal.

He rebutted eight claims separate from the report of the rearchers at the Centre of Interdisciplinary Law and ICT (ICRI) and the Computer Security and Industrial Cryptography department (Cosic) at the University of Leuven, and the media, information and telecommunication department (Smit) at Vrije Universiteit Brussels.

A number of claims listed by the social network were not made in the report, including one that stated ''there's no way to opt out of social ads'', according to commentators.

The report clearly stated that ''users can opt-out from appearing in so-called Social Ads''.

Facebook admitted that its "Like" button planted cookies on users PCs that could track users and non-users alike across the internet.

Facebook had been accused by Belgium's data protection authority, of multiple violations of the EU e-Privacy Directive, of stalking people geographically via its smartphone apps, and of failing to both properly inform users of its data-collection activities, as also acknowledging their rights as "data subjects".

"Facebook combines data from an increasingly wide variety of sources (for example, Instagram, Whatsapp and data brokers). By combining information from these sources, Facebook gains a deeper and more detailed profile of its users. Facebook only offers an opt-out system for its users in relation to profiling for third-party advertising purposes. The current practice does not meet the requirements for legally valid consent," concluded the report.

These data brokers included Acxiom, BlueKai, Datalogix and Epsilon, who maintained large and growing databases about individuals, including both online activity and offline sources.

The report further claimed that Facebook used "pixel tags" and device identifiers to keep tabs on users' web browsing outside of the Facebook environment.