Advertisement

Facebook fined $269,000 per day for tracking non-users without their consent

Merely visiting (but not logging on to) Facebook page installs a tracking cookie that records personal data like browsing habits and GPS location

Sneaky Facebook

Most of us already know, or at least suspect, that Facebook keeps tabs on all our personal interests, habits, activities, and travel patterns. But the extent to which the company jumps through hoops to secure every bit of relevant information as unknown; that is until a recent a recent rumble with the Belgian privacy commission has brought these methods to light.

European researchers discovered that non-Facebook members who visit the site, or any site the falls under the Facebook.com domain, had a tracking cookie called datr automatically installed on their browser without their consent. Undeleted, the cookie remains on the browser for up to two years, and communicates with Facebook’s servers every time a Facebook-enabled page is visited. The user doesn’t even have to be a Facebook member for this to occur.

What’s more, the researchers observed datr being installed from the “Facebook data policy” page. Next, when visiting any site with the “Facebook like button” on it, they observed the cookie was sending information packets to Facebook. Legally, all websites are legally obligated to disclose if they use cookies so that the user can “decide for themselves” whether they wish to participate in any agreement.

As a reprimand for what it sees as a breach of EU law, the Belgian privacy commission led Facebook to court, where it was given 48 hours to stop using the cookie in Belgium or face a daily fine of 250,000 euros.

Facebook argues that the cookie has actually been around for five years and poses no threat to user security, and instead actually bolsters it. “It is something which our security team believes is the best way to protect people's accounts,” a spokeswoman told the BBC.

Alex Stamos, Facebook’s head of security, clarifies that the cookie helps prevent the creation of fake accounts, reduces the risk of users’ account being stolen, and prevents distributed denial of service attacks. Stamos also mentions that it’ll be harder for Belgians to log on to their accounts without the cookie, requiring them to provide additional verifications.

 Of course this all sounds like PR-speak for damage control. Given the average person’s lack of understanding concerning cybersecurity, it seems like the most probable excuse.

If the cookie has existed for five years, why is it suddenly a concern?

When Facebook announced that it would change the way cookies work in January 2015, permitting it to track users across multiple websites and devices, collect location information , and use pictures for both commercial and non-commercial purposes, the Belgian privacy commission responded by commissioning a report investigating the legality of such actions. The report concluded that tracking non-users was illegal, and handed the findings to Belgian authorities to pursue the matter further. After initial talks with Facebook proved futile, the case was brought to court, and here we are.

Facebook has since appealed the ruling, but unless the court ruling is overturned, then it could be forced to cease tracking within Belgium. Hopefully this inspires other nations to take similar action.

Bear in mind that the Internet is not free. Advertising is a big player and personal data is the hot commodity that drives it. For Facebook itself, advertising revenue is its largest source of income, jumping 45% in 2015 with mobile ad sales making up 78% of this figure.

Source: BBC

Advertisement



Learn more about Electronic Products Magazine

Leave a Reply