Facebook is tracking the web browsing of all visitors to its pages, including non-members and those who have opted out of tracking within the EU, according to a report
Facebook is tracking the web browsing of all visitors to its pages, even those without an account and people who have opted out of web tracking within the EU, according to research commissioned by the Belgian data protection agency.
The report, compiled by researchers at the Computer Security and Industrial Cryptography department (Cosic) at the University of Leuven, and the media, information and telecommunication department (Smit) at Vrije Universiteit Brussels, claims the social network tracks visitors’ computers without their consent for targeted advertising purposes, the Guardian has reported.
Tracking cookies are placed on users’ computers every time they visit a Facebook domain, including government or health sites which carry a ‘Like’ social plug-in button, even if the user doesn’t press it.
Facebook continued to place cookies on researcher’s computers even after they specifically opted out of receiving such files via a site recommended by the social network itself
“During the opt-out, Facebook placed a cookie named “oo” with the value “1” but did not remove any of the cookies stored in the browser, including the “fr” cookie, which, according to Facebook’s 2012 statements, is used for advertisement purposes,” the report states.
“Visiting two sites that contain Facebook social plug-ins, we confirmed that Facebook still receives the uniquely identifying cookies such as “c_user”, “datr”, “lu” and “fr” after the user opts out.
“The finding suggests that Facebook places a long-term, uniquely identifying cookie on the website suggested by Facebook to European users for opting out from interest-based advertising. All the later visits to pages that include Facebook social plug-ins can be linked by Facebook using this cookie, which has a lifespan of two years”
Privacy law within the EU means consent must be requested to place cookies on a user’s computer the first time they visit a website. Prior consent must also be attained before a cookie can be issued or performance tracked, unless the networking required to connect to the service or to deliver a service specifically requested by the user.
Facebook’s data usage policy states that the site collects information when a user visits or uses third-party sites and apps that use Facebook’s services.
“This includes information about the websites and apps you visit, your use of our services on those websites and apps, as well as information the developer or publisher of the app or website provides to you or us,” it reads.
A Facebook spokesperson said the report contained factual inaccuracies, and said the authors had never contacted them.
“The authors have never contacted us, nor sought to clarify any assumptions upon which their report is based. Neither did they invite our comment on the report before making it public,” they said. “We have explained in detail the inaccuracies in the earlier draft report (after it was published) directly to the Belgian DPA, who we understand commissioned it, and have offered to meet with them to explain why it is incorrect, but they have declined to meet or engage with us. However, we remain willing to engage with them and hope they will be prepared to update their work in due course”.
This article was written by Rhiannon Williams from The Daily Telegraph and was legally licensed through the NewsCred publisher network.