Facebook Blames Bug For 'Inadvertently' Tracking People Not Actively Engaged On Its Site
Facebook said that it has begun to fix the problem at hand, which leveraged cookies to track people who had not signed up for the service when they visited websites that employ certain types of Facebook technology. In a blog post, however, Facebook European Policy Chief Richard Allan said that the Belgian watchdog group had reached a number of erroneous conclusions in its report, saying "The report gets it wrong multiple times in asserting how Facebook uses information to provide our service to more than a billion people around the world."
“It is important to note that tracking of non-users initiates even if one does not visit the Facebook homepage,” the researchers wrote. “In principle, any page belonging to the facebook.com domain will result in the placement of a long-term, identifying cookie (e.g., an event page, a shop page, fan page …).”
Facebook yesterday scrambled to save face, saying first that they follow all applicable laws and that they take steps to publish audits performed by the Irish Data Protection Commissioner, the company's European privacy regulator.
In the face of the Internet monolith's pushback, the authors of the report claim that Facebook is mischaracterizing their research. "They’re unfairly attributing statements to us that we simply did not make,” said co-author Brendan Van Alsenoy, a researcher at Leuven who says he stands by the conclusions of his report. A spokeswoman for Facebook later went on to say that Richard Allan's blog post should be viewed as an attempt to clarify Facebook's practices and not as a comprehensive response to the Belgian Privacy Commission report.
Read carefully, a great deal of the exchange between the Belgian Privacy Commission and Facebook seems to boil down to interpretation and wording, and considering that the agency lacks the power to directly fine or sanction Facebook a resolution of any significance seems unlikely. In the future, however, this may change dramatically, as there is a proposed law before the European Union that if passed would fine companies found in violation of user privacy rights of up to 5% of annual revenue or €100 million ($107.5 million) for violating personal data regulations.