This article was published on April 9, 2015

Facebook hits back at study claiming it had breached EU privacy law, concedes there was a ‘bug’

Facebook hits back at study claiming it had breached EU privacy law, concedes there was a ‘bug’

Facebook gets a lot of attention for its privacy practices, and sometimes it even gets sued.

(Somewhat) in its defence, any platform with just shy of 1.4 billion users is going to get a lot of attention whatever it does. For the most part, Facebook keeps mostly quiet, complies with the laws where it operates and carries on about its business.

A little over a week ago, however, a Belgian privacy study suggested that Facebook’s practices weren’t keeping the company in line with current data and privacy regulations in Europe. A position it refuted at the time.

In a more measured response, the company has published an uncharacteristic post hitting back at the Belgian study that had suggested it was in breach of EU data laws for placing of cookies without consent and the tracking logged out users.

At the time of the report’s publication, a spokesperson said that “this report contains factual inaccuracies. The authors have never contacted us, nor sought to clarify any assumptions upon which their report is based.” Having stewed on it for a little over a week, the company has concluded that it was indeed correct first time around.

“Over the past week, a team of privacy experts and engineers at Facebook analyzed the claims presented in a recent report authored by a group of researchers in Belgium. Our findings: The report gets it wrong multiple times in asserting how Facebook uses information to provide our service to more than a billion people around the world,” Facebook says in its most recent post.

What then follows is a point-by-point rebuttal of the claims made in the research, followed by a little more info, for example:

Claim: Facebook doesn’t respect people’s choice to opt out of behavioral ads when they visit websites and apps off of Facebook.

Fact: If someone opts out, we no longer use information about the websites and apps that person uses off Facebook to target ads to them.

Each of the claims and Facebook’s responses are laid out for all to see, if you’re so inclined.

More interestingly perhaps, the one point in the research that seemed particularly pertinent first time around was that some users who hadn’t visited Facebook were having cookies placed on their devices after using Facebook social plugins. While Facebook also says this isn’t its standard practice, it also conceded that there was a bug in the system.

Claim: Facebook wants to use Social Plugins to add cookies to the browsers of people who don’t use Facebook.

Fact: We don’t, and this is not our practice. However, the researchers did find a bug that may have sent cookies to some people when they weren’t on Facebook. This was not our intention – a fix for this is already under way.

Exactly when the fix will roll out, or how many people “some users” relates to is unknown at this point, although we have asked Facebook.

Even though Facebook clearly wasn’t very happy with the report, it seems it did help it find a “bug” in its system that could have impacted the privacy of its users – any company that genuinely cares about the privacy of its users should really be thankful for that.

Update: Speaking to The Guardian, the report’s authors said “Facebook’s latest press release (entitled ‘Setting the record straight’) attributes statements to us that we simply did not make.”

This is based around statements Facebook made in its post that weren’t presented in the original report. For example, Facebook counters the apparent finding that “there’s no way to opt out of social ads,” but the researchers had in fact said that users could opt out.. 

➤ Setting the Record Straight on a Belgian Academic Report [Facebook]

Featured image credit: Gil C /