Facebooks tracking of non-users ruled illegal again

Another setback for Facebook in Europe: Judges in Belgium have once more ruled the firm broke privacy legislation by deploying technology like biscuits and social plug-ins to track internet users throughout the web.

Facebook uses data it collects like this to sell targeted advertisements.

The social media giant failed to make it clear how people’s activity was used, the court ruled.

Facebook faces fines of around €100 million (~$124 million), at a rate of €250,000 daily, if it fails to follow the court ruling to stop  monitoring Belgians’ web browsing habits. It must destroy any the court stated.

Facebook said it will appeal and expressed disappointment.

“The biscuits and pixels we utilize are industry standard technologies and enable hundreds of thousands of companies to cultivate their companies and reach customers across the EU,” stated Facebook’s VP of public policy for EMEA, Richard Allan, in a statement. &ldquoWe require any company which uses our technologies to provide notice and we also give people the best to interrogate of getting data collected on websites and programs off Facebook used for advertisements. ”

The privacy lawsuit dates back to 2015 when the Belgium privacy watchdog brought a civil lawsuit against Facebook  because of its close imperceptible tracking of non-users via social plug-ins and so on.   This followed an analysis by the agency that culminated at a highly significant report touching on several areas of Facebook’s information handling practices.

The identical year, after failing to obtain adequate responses to its own concerns, the Privacy Commission decided to take Facebook to court over one of them: The way that it deploys monitoring cookies and social plug-ins on third-party websites to track the online activity of users and non-users.

After its playbook for privacy challenges, Facebook first tried to assert the Belgian DPA had no authority over its business, which is headquartered in Ireland. But neighborhood judges disagreed.

Afterward courts have ruled that Facebook’s use of biscuits violates privacy legislation. The case may end up going all the way to Europe & rsquo if Facebook maintains appealing;s the CJEU, court.

The crux of the issue here is the pervading background surveillance of online activity for digital advertising targeting functions which is enabled by a huge community of embedded and at times entirely invisible monitoring technologies — and, especially in this lawsuit, whether Facebook along with the network of partner companies feeding information into its advertising targeting systems have got adequate approval from their customers to become so surveilled when theyrsquo;re not actually using Facebook.

“Facebook gathers information about us when we browse the web,” explains the Belgian privacy watchdog, referring to findings from its earlier evaluation of Facebook’s use of monitoring technologies.  “To this end, Facebook uses various technologies, like the famous ‘biscuits’ or the ‘social plug-ins’ (for instance, the ‘Like’ or ‘Share’ switches) or the ‘pixels’ which are imperceptible to the naked eye.  It uses them on its own site but also and especially on the websites of third parties.  Therefore, the poll reveals that even in the event that you have never entered the Facebook domain, Facebook is still able to follow your browsing behaviour without you knowing it, let alone, without you wanting it, thanks to those invisible pixels which Facebook has put on over 10,000 other websites. ”

Facebook claims its use of cookie monitoring is transparent and argues the technology benefits Facebook users. (Presumably, it would assert non-Facebook users “gain” from being shown ads targeted in their pursuits.) Understand how we use cookies show them pertinent content and to keep Facebook secure. We’ve built teams of tools that provide people choice and control, & rdquo; stated Allan to the court ruling — and people who focus on the security of privacy from engineers to designers.

But given that some of those trackers are literally invisible, coupled with the sometimes doubtful quality of “consents” being gathered — say, for instance, if there’s merely a pre-ticked opt-in at the bottom of a lengthy and opaque pair of T&Cs that actively discourage the user from reading and knowing what information of theirs is being gathered and — there are some critical questions over the sustainability of this form of “pervading background surveillance” adtech in the face of successful legal challenges and growing consumer dislike of advertisements that stalk them round the internet (which has subsequently fueled expansion of ad-blocking technologies).

Facebook will confront a similar complaint at a lawsuit in Austria, registered by privacy campaigner and lawyer Max Schrems, for instance. Back in January Schrems withdrew against Facebook’s efforts to stall the lawsuit after Europe’s top court threw out the organization’s argue that his campaigning activities cancelled out his personal consumer rights. (Though the CJEU’s decision didn’t allow Schrems to pursue a course action style lawsuit against Facebook because he had originally expected.)

Europe also has a major update to its data security laws coming in May, known as the GDPR, which beefs up the enforcement of privacy rights by introducing a new system of penalties for information security offenses that could scale as large as 4% of a company’s international turnover.

Essentially, GDPR means that ignoring the European Union’s fundamental right to privacy — by relying upon the truth that few customers have bothered to take companies to court over lawful offenses they may not even recognize are happening — is going to get a lot more insecure in only a few months’ time. (On that front, Schrems has crowdfunded a non-profit to pursue strategic privacy litigation once GDPR is in place — so begin stockpiling the popcorn.)

It’s also worth noting that GDPR strengthens the EU’s approval requirements for processing personal information — so it’s definitely not going to be simpler  for Facebook to obtain consents for this type of background monitoring under the new framework. (The being devised ePrivacy Regulation is also pertinent to cookie cutter approval, and intends to streamline the rules across the EU.)

And such monitoring will necessarily become far more visible to web users, who may then be a whole lot less inclined to agree to be everywhere they go online for Facebook’s advantage.

The rise of tools offering ecosystem obstructing provides another route for irate customers to thwart online mass surveillance by advertising targeting giants.

“We are preparing for your new General Data Protection Regulation with our guide regulator the Irish Data Protection Commissioner. We’ll comply with this law because rsquo, we &;ve complied with present data protection law in Europe,” additional Facebook’s Allan.

It’s not fully clear how Facebook will comply with GDPR — though it’s declared a new worldwide privacy settings hub is coming. It’s  running a string of information protection workshops in Europe this year, aimed at small and medium companies — presumably to attempt and make sure its advertisers don’t even find themselves closed out of GDPR Compliance City and on the hook for major privacy legal obligations themselves, come May 25.

Of course rsquo Facebook &;s advertising business not only relies on people’s web browsing habits to fuel its own methods, it relies on advertisers liberally pumping dollars in. That is another reason consumer trust is vital. Nevertheless Facebook is confronting myriad challenges on that front these days.

In a statement on its own site, the Belgium Privacy Commission stated it was delighted with the ruling.

“We are of course quite satisfied that the court has followed our position.  For now, Facebook is conducting a major advertising campaign where it shares its attachment to privacy.  We expect he will put this commitment into practice,” it stated.  

Read more:

Related Post

Most Popular

To Top