Users who do not have Facebook accounts are still being tracked, the global social network admitted this week —quickly adding that it was due to a bug that is currently being fixed.
Still, it was the Belgian data protection authority that forced its hand in disclosure, calling the social network out in a report that found Facebook in breach of EU data privacy laws and deliberately misleading its users about how their information is employed. The report, written by researchers at the Centre of Interdisciplinary Law and ICT (ICRI) and the Computer Security and Industrial Cryptography department (Cosic) at the University of Leuven, and the media, information and telecommunication department (Smit) at Vrije Universiteit Brussels, listed multiple claims of privacy breach against Facebook.
“The researchers did find a bug that may have sent cookies to some people when they weren't on Facebook. This was not our intention – a fix for this is already under way,” Richard Allan, Facebook's vice president of policy for Europe, wrote in response to the report.
“Facebook is offered free of charge,” Allen wrote, “and we do that by showing ads we think are relevant to people's interests”—a business strategy used by many other internet services including Google, Microsoft, Yahoo and various other media organisations.
“We deliberately chose to open up our findings to public scrutiny so that anyone can check our sources and methodology,” the report's authors wrote in a statement posted online. “People who are interested can compare the ‘claims' Facebook attributes to our report with its actual contents.”
The Belgian Privacy Commission is expected to decide whether to act on the report before the end of the month.