Facebook is in hot water anew, this time in France because the company has been caught tracking the browsing activity of non-Facebook users.
The French data protection watchdog has ordered the social networking giant to follow Europe’s data protection rules within the next three months or, otherwise, suffer from regulatory sanctions in the country.
Since receiving the notice from the French authority, Facebook has kicked off a review of the document and reiterated that it is confident the company is in full compliance of European laws for data protection.
The issue came to light in 2014 after the Menlo Park-based company revamped its privacy policy, which caught the attention of the French data protection authority. According to the results of CNIL (the data protection watchdog), Facebook has been collecting the browsing history of non-Facebook users in France.
Furthermore, CNIL finds that Facebook lacks the mechanism for informing Web users that the company drops a cookie in their computer once they visit a Facebook Page of a public figure, group or event. These are public Web pages, thus accessible to anyone who would click the link leading to these pages. Facebook is also reportedly dumping advertising cookies in the computers of users who would visit the site.
As a refresher, cookies are temporary files dumped by websites to our machines in order to transmit information to those sites pertaining to third party services that offer plug-ins for Facebook, in this case. As a standard, websites must inform users when they would place the cookie in their computer.
In addition to the secretive cookie dumping practice, Facebook has also been caught gathering details about a user’s religious and political views, without the user’s explicit permission. For CNIL, all of these constitute a violation of the European data privacy laws. What aggravates the problem is that Facebook does not offer any means for opting out from the data collection activity of the site. Again, for CNIL, this transgresses the basic rights of users to privacy.
But the most glaring violation that Facebook allegedly committed against the data privacy rules in the region is its adoption of the Safe Harbor data transfer protocol, which the European Court of Justice declared illegal just last year.
Facebook, however, claims otherwise, saying it does not transfer data to the United States from Europe using the Safe Harbor mechanism, but instead adopts other legal means for doing so. But it has come to the attention of CNIL that Facebook’s privacy policy in France states that it is still using Safe Harbor, which you can read yourself on their page.
Disclosure: We might earn commission from qualifying purchases. The commission help keep the rest of my content free, so thank you!
