Facebook tracks logged-out users in ‘violation’ of EU law, study says
The research also found that logged out users, and people who don’t have an account at all, were having their Web movements tracked by Facebook through its use of social plugins, primarily the ‘Like’ button.
Although commissioned by the BPC, it was carried out by members of theInterdisciplinary Centre for Law and ICT/Centre for Intellectual Property Rights (ICRI/CIR) of KU Leuven, the department of Studies on Media, Information and Telecommunication (SMIT) of the Vrije Universiteit Brussel (VUB) and the department of Computer Security and Industrial Cryptography (COSIC) of KU Leuven.
Under EU law, any website must get the user’s permission before placing any cookies on their computer. Among other practices, it’s the automatic placement of tracking cookies that interact with its social plugins found on millions of different websites, that puts Facebook “violation of European law,” the study said.
Part of the issue will also fall to the fact that the tracking cookies interact with cookies stored when visiting Facebook.com pages even if the user doesn’t interact with the Like button. Most of the Facebook social plugins themselves don’t actually create new cookies, the researchers added.
This report follows a preliminary investigation into Facebook’s privacy and data practices in relation European law. At the time it said there was “too much burden” on users to navigate Facebook’s “complex web of settings.”
We’ve contacted Facebook for comment and will update when we hear back.