Skip to main content

Facebook Faces Fines Of $268K Per Day For Tracking Non-Users In Belgium

Image
By

Facebook is facing fines of €250,000 per day unless it alters the operation of tracking cookies in Belgium after a data protection court ruling. Facebook has said it will be appealing.
The court action dates back to June when the country’s data protection watchdog filed a civil suit against Facebook, following a highly critical report of Facebook’s data protection practices which the Belgian DPA commissioned following updates to Facebook’s privacy policy at the start of this year.
At specific issue in this court case: how Facebook deploys tracking cookies and social plug-ins on third party websites to track the Internet activity of users and non-Facebook users. At the time of filing the suit, the Belgian DPA said Facebook had failed to answer questions about how it tracks non-users and what it does with the data it gleans — hence the watchdog’s decision to challenge the company in court. It also said it wanted to seek legal clarity on whether it had jurisdiction.
In seeking to combat the suit, Facebook had argued the Belgian privacy commission had no jurisdiction over its European business, given it is headquartered in Ireland. However the court slapped this down, ruling that Belgian data protection law does indeed apply and that Belgian courts have jurisdiction.
On this point it’s worth noting the Brussels’ court ruling aligns with recent landmark rulings by Europe’s top court, the ECJ, also relating to jurisdiction and data protection — including the so-called right to be forgotten ruling involving Google Spain, and a more recent judgement where the ECJ ruled that the Hungarian data protection authority is able to impose data protection-related fines on a Slovakian website which was offering services in Hungary — because it judged the latter to have some establishment in the country.
Returning to the Belgian data protection case, Facebook has since sought to argue its tracking cookies are an important security measure for users of the site — albeit it has not provided any public comment on how it is proportionate for an online service to systematically track non-users even for, ostensibly, security purposes.
Writing a blog post on the case last month, Facebook’s CSO Alex Stamo claimed: “We use the datr cookie to help differentiate legitimate visits to our website from illegitimate ones.”
“If the court blocks us from using the datr cookie in Belgium, we would lose one of our best signals to demonstrate that someone is coming to our site legitimately. In practice, that means we would have to treat any visit to our service from Belgium as an untrusted login and deploy a range of other verification methods for people to prove that they are the legitimate owners of their accounts. It would also make Belgian devices more attractive to spammers and others who traffic in compromised accounts on underground forums,” he added.
However again the court was again unimpressed by this line of argument. The Belgian DPA says the court found it “not credible” that systematic collection of a tracking cookie each time a social plug-in is loaded on a website should be necessary for the security of Facebook’s services — ergo it dubbed Facebook’s processing of personal data of people who do not have a Facebook account as “disproportionate”.
Facebook had also sought to argue that the data it collected via the datr tracking cookie was not personal data — but rather a means for it to identify a computer — with Stamo claiming “the datr cookie is only associated with browsers, not individual people” and saying: “It doesn’t contain any information that identifies or is tied to a particular person.”
“At a technical level, we use the datr cookie to collect statistical information on the behavior of a browser on sites with social plugins, such as the Like button, to help us distinguish patterns that look like an attacker from patterns that look like a real person,” he added.
Again the court evidently disagreed with this depiction, determining that the info being gathered and processed by Facebook via this cookie is indeed personal data. And — given the lack of consent for Facebook to gather and process the personal data of non-users — the court also judged this to be a “manifest” violation of Belgian data protection, according to the Belgian DPA.

Comments

Post a Comment

Popular posts from this blog

eGym raises $45M Series C for cloud-connected gym equipment and fitness software

By
eGym , the Munich-based startup that offers cloud-connected gym equipment and supporting cloud software and app for the fitness training floor, has closed $45 million in Series C funding. The round was led by new investor HPE Growth Capital, while existing investors, including Highland Europe, also participated. The problem that eGym is looking to solve is that, whilst gyms have moved from a bodybuilder market to a mass market in the last 20 years, the technology in gyms lags behind. That’s despite the fact that better use of technology can help to reduce customer churn, the biggest pain-point of both gym operator and gym users. Comprising of an app for both gym user and trainer, combined with the company’s connected strength machines, the eGym Cloud makes it possible for gym members to receive better fitness instruction and an evolving and personalised fitness plan based on data collected as they workout. And by providing a better workout feedback loop, gym goers can get an i...
2 comments
Read more

What will a driverless future actually look like?

By
There is a growing consensus that autonomous vehicles (AVs) will soon be a reality. The debate today centers not on whether, but how soon, AVs will be commonplace on our roads. But for all the buzz surrounding AVs, many details about what a driverless future will look like remain unclear. Which business models will work best for the commercialization of AVs? Which AV usage models will be most appealing for consumers? Which companies are best positioned to win in this new market? These are big questions, and no certain answers can be given at this stage. Nonetheless, it is valuable to reflect, in a concrete way, on how this transformative technology might develop. This article will present some conjectures. The end of private car ownership? At a high level, two possible paradigms seem most likely for how society will use AVs. The first is private AV ownership. Under this model, individuals or families would continue to own their own vehicles and use them to get a...
Post a Comment
Read more

Airbnb will open its Cuba listings to users outside the United States

By
Airbnb  will now let travelers from outside the U.S. to book properties in Cuba after receiving authorization from the U.S. government,  reports the Associated Press . Previously, only Americans were allowed to reserve the site’s  Cuban listings . They will open to international users on April 2. Airbnb launched its  Cuban operations in April 2014 , four months after the Obama administration revealed that it will begin to  restore diplomatic relations with the Communist country . The historic policy change means that  travel and trade sanctions will be lifted , which is expected to boost tourism to Cuba dramatically because Americans no longer need licenses to visit. In fact, President Obama is  currently on an official visit to Cuba , the first president since Calvin Coolidge to do so. According to the AP, Cuba is currently Airbnb’s fastest-growing market, with about 4,000 homes added since it opened listings. Other travel businesses...
Post a Comment
Read more

85 legitimate iPhone apps that were infected with malware in the big App Store hack

By
Apple fans have been criticizing Android for years, fighting back against “walled garden” claims by suggesting that Android's open nature makes it far more susceptible to hacks and malware. This is indeed often the case, but if you think  Apple's  closed  iOS  app ecosystem isn't also vulnerable to attacks, think again. Millions upon millions of iPhone  and iPad users were affected by a major App Store hack that was just uncovered, and now we have a list of some of the apps that have reportedly been infected with malware. Here's the bad news: There are some very popular apps on this list, and the odds are pretty good that one or more of them are on your phone right now. DON'T MISS:  10 things iOS 9 can do that you can't do in iOS 8 As was reported early Monday morning, Apple has confirmed that the App Store suffered its first ever large-scale attack. Apple confirmed the hack after multiple security firms reported finding malware called “Xcod...
Post a Comment
Read more