Facebook lost another privacy-related case in Europe, this time against a privacy watchdog in Belgium, which claimed that Facebook was breaking Belgian law by tracking people who didn't have Facebook accounts. Facebook said it will appeal the ruling, but until then, it faces a 250,000 euro fine per day if it doesn't stop tracking non-Facebook users within the next 48 hours.
The issue at hand is that Facebook has been using what it calls the "datr" cookie since 2011, when it started tracking non-users of Facebook through "Like" buttons and on the Web. You can get tracked by Facebook not only if you are logged in to your Facebook account, but also if you have no Facebook account at all and you simply happen to visit a website that has Facebook Like buttons on it.
Facebook was caught multiple times with this type of tracking, and every time it got caught it said that it was only a bug and that it will be fixed. Earlier this year, the same thing happened with the Belgian case. When the company was accused of tracking people across the Web without even being users of the service, it responded with this:
"The researchers did find a bug that may have sent cookies to some people when they weren't on Facebook. This was not our intention - a fix for this is already underway."
Now that the Belgian judge ruled that this sort of tracking was a violation of Belgians' privacy, Facebook said that it's been doing this sort of tracking for five years anyway (despite initial claims that it was only a bug). It also said it will appeal the ruling:
"We've used the 'datr' cookie for more than five years to keep Facebook secure for 1.5 billion people around the world," a spokeswoman said."We will appeal this decision and are working to minimise any disruption to people's access to Facebook in Belgium."
Facebook has a long history of doing things like this, and despite saying multiple times throughout the past few years that it wasn't using the Like button for advertising purposes, it changed its mind regarding that recently.
It's also unclear why Facebook would mention the disruption of its service in this statement, considering that it has to stop the tracking of only non-Facebook users. Facebook assumes that users have already given their consent to the tracking when using the service. However, most Internet users don't seem to like that "deal," despite what the websites' terms of services may say.
Privacy watchdogs from all 28 EU countries are already coordinating national probes into Facebook's potential violations of EU laws. Facebook, as well as all the other U.S. companies doing business in the EU, now also has to deal with the recent ruling from EU's top Court, which invalidated the Safe Harbor agreement between the U.S. and the EU. Even if a new Safe Harbor agreement is passed soon, it's likely going to be much more stringent than the previous one ever was, potentially impacting how U.S. companies track Internet users in the EU and what they do with that data.
Lucian Armasu joined Tom’s Hardware in early 2014. He writes news stories on mobile, chipsets, security, privacy, and anything else that might be of interest to him from the technology world. Outside of Tom’s Hardware, he dreams of becoming an entrepreneur.
You can follow him at @lucian_armasu. Follow us on Facebook, Google+, RSS, Twitter and YouTube.
Agreed. 250,000 euro per person. Per day. At least.
Its a tax, not a fine. If I break the law I go to jail AND pay a fine.
It's time to bring the hammer down.
The EU is still around because of the amount of money they bring in in "fines"