The “Like” button is just one of the many features used to track users in an excessive zeal to protect their privacy. A contradiction? Not according to Facebook Inc (NASDAQ:FB). But let’s start from the beginning.
In fact, back in November, a Belgian court issued an order that was to prevent Facebook from tracking non-Facebook web users through social plugins on other websites. In other words, Facebook was able to “spy” – thanks to the use of a special cookie – the web activity of users who didn’t have a Facebook account.
According to Brendan van Alsenoy, a legal researcher at KU Leuven Centre for IP & IT Law, EU data-protection laws not only require a dual notice-and-consent exchange prior to the treatment of personal data but they also prohibit a use of personal data that goes far beyond the very purposes pursued.
In the specifics of the Facebook case, the firm is said to hide a cookie which is called “datr” in the code of its social plugins, as well as on the main website, Facebook.com. The firm disputed that the cookie is meant to protect users’ data from any breach.
The Belgiam judge condemned Facebook’s tracking of non-users – that happens any time a user visits Facebook, regardless having a Facebook profile or not -, even if intended for security purposes, as excessive and unreasonably invasive of one’s privacy.
Facebook agreed to block non-Facebook users from accessing Facebook.com so that their browser won’t download or update the datr cookie and their privacy would remain intact. The court decided Facebook will have to pay Euros 250.000 for each day that the California-based firm breaks the order.
Facebook is appealing against the Belgian court’s ruling and it keeps using the datr cookie outside Belgium. In this scenario, a data-privacy consortium that includes privacy regulators from different EU member states is putting pressure on the American firm to comply with the Belgian sentence.
Moreover, new legislation approved by the European Commission is aimed at giving national privacy regulators more power – in terms of issuing fines and corrective actions – to protect a country’s privacy rules against rogue privacy policies embraced by internet companies.