Facebook is in hot water anew, this time in France because the company has been caught tracking the browsing activity of non-Facebook users.
The French data protection watchdog has ordered the social networking giant to follow Europe’s data protection rules within the next three months or, otherwise, suffer from regulatory sanctions in the country.
Since receiving the notice from the French authority, Facebook has kicked off a review of the document and reiterated that it is confident the company is in full compliance of European laws for data protection.
Furthermore, CNIL finds that Facebook lacks the mechanism for informing Web users that the company drops a cookie in their computer once they visit a Facebook Page of a public figure, group or event. These are public Web pages, thus accessible to anyone who would click the link leading to these pages. Facebook is also reportedly dumping advertising cookies in the computers of users who would visit the site.
As a refresher, cookies are temporary files dumped by websites to our machines in order to transmit information to those sites pertaining to third party services that offer plug-ins for Facebook, in this case. As a standard, websites must inform users when they would place the cookie in their computer.
In addition to the secretive cookie dumping practice, Facebook has also been caught gathering details about a user’s religious and political views, without the user’s explicit permission. For CNIL, all of these constitute a violation of the European data privacy laws. What aggravates the problem is that Facebook does not offer any means for opting out from the data collection activity of the site. Again, for CNIL, this transgresses the basic rights of users to privacy.
But the most glaring violation that Facebook allegedly committed against the data privacy rules in the region is its adoption of the Safe Harbor data transfer protocol, which the European Court of Justice declared illegal just last year.