Facebook 'breaks EU laws' by tracking ALL users – even those WITHOUT accounts, says report

FACEBOOK tracks the online activity of EVERY user who visits its website – even those who have opted-out of tracking in the EU or do not have an account with the social network, a new report has revealed.

Facebook installs tracking cookies on a user's computer if they visit any page on the facebook.com domain GETTY

Facebook installs tracking cookies on a user's computer if they visit any page on facebook.com

The shocking research was commissioned by the Belgian data protection agency after a draft report revealed Facebook was breaching European law.

Researchers claim Facebook tracks the computers of users without their consent in order to target advertising.

We argue that it is the legal duty of Facebook to design its services and components in a privacy-friendly way

Günes Acar

The hugely-successful social network even tracks users who have never registered with Facebook or have explicitly opted-out in Europe, the University report has claimed.

The research focuses on Facebook's social plugins, such as the 'Like' button – which appears on more than 13million websites including government and health sites.

Facebook installs tracking cookies on a user's computer if they visit any page on the facebook.com domain. This includes fan or product pages that do not require a login to access.

A cookie is a small file stored on the user's computer by a webpage. It keeps a record of a user's settings, previous activity and other snippets of information required by the site.

Cookies are exchanged on each visit and can therefore be used to identify a specific user and trace their movements and habits across the web.

Mark Zuckerberg speaking at the F8 developer conference last week GETTY

Mark Zuckerberg speaking at the F8 developer conference last week

Any websites featuring a Facebook plug-in will then gather data on any visitors with the social network's cookies installed. 

Data is collected even when the user does not login with Facebook or press a 'Like' button.

However, EU privacy laws require that prior consent has to be sought before a website can issue a cookie or begin tracking a user.

This is the reason all European websites request permission to 'Allow Cookies' on the first visit.

Facebook's data usage policy – which was updated earlier this year – states: "We collect information when you visit or use third-party websites and apps that use our services. 

"This includes information about the websites and apps you visit, your use of our services on those websites and apps, as well as information the developer or publisher of the app or website provides to you or us."

The update to the social network's cookie policy stated that users will still be tracked even if they do not have a Facebook account or are logged out.

Facebook claims this is to "enable us to deliver, select, evaluate, measure and understand the ads we serve on and off Facebook".

Researchers at the Centre of Interdisciplinary Law and ICT (ICRI), the University of Leuven's Computer Security and Industrial Cryptography department (Cosic) at the University of Leuven, and the Free University of Brussels' Media, Information and Telecommunication department also looked at the opt-out option provided by Facebook.

Users who used the opt-out mechanism on the social network were served with a cookie placed on their computer, the report added.

"If people who are not being tracked by Facebook use the ‘opt out’ mechanism proposed for the EU, Facebook places a long-term, uniquely identifying cookie, which can be used to track them for the next two years," Günes Acar, of Cosic, told The Guardian.

"What’s more, we found that Facebook does not place any long-term identifying cookie on the opt-out sites suggested by Facebook for US and Canadian users."

The Dutch data protection authority is currently investigating Facebook, which has delayed the rollout of the website's updated privacy policy.

A spokesperson for the social network told The Guardian: "We recently updated our terms and policies to make them more clear and concise, to reflect new product features and to highlight how we’re expanding people’s control over advertising.

"We’re confident the updates comply with applicable laws. As a company with international headquarters in Dublin, we routinely review product and policy updates including this one­ with our regulator, the Irish Data Protection Commissioner, who oversees our compliance with the EU Data Protection Directive as implemented under Irish law."

Users who are concerned about privacy can install third-party add-ons to internet browsers designed to block tracking and advertising.

Mr Acar said: "Examples include Privacy Badger, Ghostery and Disconnect. 

"Privacy Badger replaces social plug-ins with privacy preserving counterparts so that users can still use social plug-ins, but not be tracked until they actually click on them.

"We argue that it is the legal duty of Facebook to design its services and components in a privacy-friendly way.

"This means designing social plug-ins in such a way that information about individual’s personal browsing activities outside of Facebook are not unnecessarily exposed."

A spokesperson for Facebook said: “This report contains factual inaccuracies.

"The authors have never contacted us, nor sought to clarify any assumptions upon which their report is based. Neither did they invite our comment on the report before making it public.

"We have explained in detail the inaccuracies in the earlier draft report (after it was published) directly to the Belgian DPA, who we understand commissioned it, and have offered to meet with them to explain why it is incorrect, but they have declined to meet or engage with us.

"However, we remain willing to engage with them and hope they will be prepared to update their work in due course”.

Facebook: The federation of platforms ?

Would you like to receive news notifications from Daily Express?