Facebook told to stop tracking users that aren’t logged in

In late 2015, a Belgian court ordered Facebook to stop tracking internet users in the country, even when they were not logged into – or even members – of its site.

Failure to comply within 48 hours would result in a €250,000 a day ($267,000) fine by the Belgian Privacy Commission (BPC), which brought the case.

Last week, in an eerie case of déjà vu all over again, a Belgian court ordered Facebook to stop tracking users not logged into its site or face a fine of €250,000 (now $315,000) per day up to a maximum of €100m. It must also delete data it had gathered from Belgians in this way.

Same issue, same result against Facebook more than two years on – what gives?

The legal answer is Facebook appealed against the 2015 judgement, winning in 2016 on the basis that because Facebook’s European HQ was in Ireland, the company should not be regulated by a court decision made in Belgium.

That appeal has, in turn, now been overturned, leaving the case more or less back at square one. Not surprisingly, Facebook said it will appeal yet again, which means the case trundles on.

The dispute is over the way Facebook is said to have carried out commercial surveillance on internet users who come into contact with the site with, but often without, their explicit consent.

It’s not the only company that does such things, of course, but it has become the European test case for where the acceptable lines should be drawn.

Most Facebook users might expect the company to track what they do on Facebook and other sites while logged into Facebook according to the company’s published ad policy.

What’s less appreciated is that Facebook uses technologies such as cookies, a piece of web code called Facebook Pixel, and even the ‘like’ or ‘share’ social buttons found on countless third-party websites to continue its surveillance across the web.

According to research commissioned by the BPC, this allegedly includes internet users who aren’t even members but merely encounter these features during browsing, or have opted out of tracking.

You can check out any time you like, it seems, but never really leave.

Facebook’s latest response to this accusation:

The cookies and pixels we use are industry standard technologies and enable hundreds of thousands of businesses to grow their businesses and reach customers across the EU.

Which includes consent:

We require any business that uses our technologies to provide clear notice to end-users, and we give people the right to opt-out of having data collected on sites and apps off Facebook being used for ads.

Facebook’s problem is that this isn’t simply a case of an internet superpower being pestered in one country by a small European privacy watchdog – others are on its case too.

A week earlier, Facebook lost a case brought by German consumer organisations alleging its privacy settings were illegal under consumer law.

The company has already committed to turning on new privacy settings to comply with the EU General Data Protection Regulation (GDPR), whose full force will be unleashed this year.

Meanwhile, it is under the cosh over fake news and accusations it allowed itself to be hijacked to influence US elections.

Facebook has faced down many opponents in its time, but an ongoing war with Belgium over its approach to privacy is one it could do without.