Remember the Belgian Facebook case last month that saw Facebook fined a staggering €250,000 a day for using cookies to track the activity of non-users? Well, Facebook has now said it will respond by requiring Belgian Facebook users to be logged in to see any content.
The 9 November court ruling by the Belgian Privacy Commissioner (BPC) gave Facebook 48 hours to comply, or face a daily fine that by now would have reached some €6 million. It is expected that, by complying, Facebook will no longer have to pay up.
The reason for the fine was that Facebook was placing cookies on visitors’ machines that could remain in browsers for up to two years. While Facebook members have consented to being tracked by these cookies, non-members haven’t, and the European Data Protection Directive – which informs individual EU data privacy laws – states that companies must get user permission to plant tracking software.
Designed to protect user security
Rather than removing the Datr cookie, Facebook has restricted access and maintained that the cookie was designed to protect user security.
So, if you are in Belgium and don’t have a Facebook account, you’ll no longer be able to view content such as profiles and local business pages.
“We had hoped to address the BPC’s concerns in a way that allowed us to continue using a security cookie that protected Belgian people from more than 33,000 takeover attempts in the past month,” Facebook said in a statement given to the BBC. “We’re disappointed we were unable to reach an agreement and now people will be required to log in or register for an account to see publicly available content on Facebook.”
The company plans to contest the order, which it should receive later this week, but for now Facebook will no longer install the cookie file for users who are not signed in or do not have accounts.
Facebook and the EU don’t often see eye-to-eye on data privacy issues. This isn’t the first case between the EU and Facebook, and we don’t think it’ll be the last.
Europe has some of the most stringent data protection laws in the world. If you’re responsible for information security and data protection in your organisation, then we’d advise you to read IT Governance: An International Guide to Data Security and ISO27001/ISO27002. It provides a global overview of information security laws and offers advice on adhering to them by implementing an information security management system (ISMS) aligned to the ISO 27001 standard.