A new report from the Belgian Privacy Commission has found that Facebook regularly breaks European law by tracking web browsing data from everyone -- even if the user doesn't have a Facebook account or has opted out of tracking. The study was conducted by researchers at the University of Leuven and Vrije Universiteit Brussels.
The issue lies mainly in the way Facebook monitors social plug-ins -- namely, the "like" button.
The Guardian's Samuel Gibbs reports:
When a user visits a third-party site that carries one of Facebook's social plug-ins, it detects and sends the tracking cookies back to Facebook - even if the user does not interact with the Like button, Facebook Login or other extension of the social media site.
EU privacy law states that prior consent must be given before issuing a cookie or performing tracking, unless it is necessary for either the networking required to connect to the service ("criterion A") or to deliver a service specifically requested by the user ("criterion B").
"This report contains factual inaccuracies," said a Facebook spokesperson in a statement to The Verge. "The authors have never contacted us, nor sought to clarify any assumptions upon which their report is based. Neither did they invite our comment on the report before making it public. We have explained in detail the inaccuracies in the earlier draft report ... and have offered to meet with [the report's commissioning body] to explain why it is incorrect, but they have declined to meet or engage with us."