Facebook blinks first in bitter clash Belgian Privacy Watchdog over user tracking cookies
Facebook has retreated in its bitter privacy row with the Belgian data protection agency over cookies that track users, even if they are not Facebook users.
The row between the two has been rumbling on for a while now, but Facebook has now said it would change its settings when it receives the appropriate order from the Belgian Privacy Commissioner (BPC).
It comes after damning privacy report in April this year commissioned by the Belgian Privacy Protection Commission.
That report was sharply critical of Facebook and said that it had used the ‘Datr’ cookie for five years to track the web browsing habits of everyone who visit its website, irrespective of whether they are Facebook users or not.
It alleged that people are tracked, even if they have explicitly opted out of tracking. The watchdog said Facebook must obtain permission to retrieve user information.
Facebook quickly hit back at the watchdog’s report, saying it was “wrong multiple times.” It argued that the cookie provides better security for the Facebook users and prevents the creation of fake accounts, thereby reducing the risk of accounts being hijacked. It also said that Belgium had no authority on this issue, since Facebook’s European headquarters are in Ireland.
Not surprisingly the Belgian watchdog disagreed and then went to to say that Facebook was trampling on European privacy laws by tracking people online without their consent and it was dodging questions from national regulators.
Matters came to a head last month when the Belgian Privacy Commission (BPC) officially ordered Facebook to stop collecting information on people who have not signed up for the social network in Belgium, or face a massive daily penalty.
It warned Facebook that it would be fined €250,000 (£177,600) per day fine if it ignores the order.
Facebook now expects to receive an order this week (which it will appeal), but in the meantime it said that the datr cookies will not be set for non-users. It also said that from now on, Facebook accounts will be needed for Belgian people to access content.
Previously non-users could view public Facebook pages from sports teams, celebrities, tourist attractions and businesses, without the need to log into Facebook.
The social network said that existing cookies will be deleted where possible, and it will implement cookies for users who are logged in to protect against certain attacks on its network.
“We had hoped to address the BPC’s concerns in a way that allowed us to continue using a security cookie that protected Belgian people from more than 33,000 takeover attempts in the past month,” a Facebook spokeswoman told the BBC.
“We’re disappointed we were unable to reach an agreement and now people will be required to log in or register for an account to see publicly available content on Facebook,” said the spokeswoman.
The ruling is the latest in a series of privacy cases brought against Facebook in recent years. Regulators across the world have questioned the legality of the company’s practices, leading to numerous probes and court cases.
CEO Mark Zuckerberg has previously suggested that privacy is no longer a social norm, although new settings that can protect user information has been introduced over the past few years.
Do you value your privacy? Try our privacy quiz!