Data ProtectionPrivacy

Privacy troubles for social media after Belgian Facebook case?

The prohibition ordered to Facebook by the Belgian Privacy Commission to track users without an account might have an impact on all social media and websites.

It seems not a good time for Facebook when it comes to privacy compliance.

The Belgian privacy case

After the famous decision of the European Court of Justice that invalidated the so called Safe Harbor principles following a claim from a Facebook user, Mr. Schrems, the most popular social media in the world had to face a challenge from the Belgian privacy commission.

Earlier this year the Belgian privacy commission had raised some concerns on Facebook’s new terms of service and data policy. But apparently the Belgian regulator was not happy with the initiatives taken by Facebook in order to comply with the issues raised by them. And as a reaction to that, the Belgian privacy authority filed a suit to force Facebook to stop tracking though its cookies people who do not have Facebook accounts before the Court of the First Instance in Brussels.

Following such claim, the court issued an interim ruling obliging Facebook in respect of every user on Belgian territory who is not registered on Facebook:

  1. to cease placing a “datr” cookie when they land on a web page of the domain without providing them with prior sufficient and adequate information about the fact that Facebook places the datr cookie with them and about the way Facebook uses that datr cookie
    through social plug-ins; and
  2. to cease collecting the datr cookie through social plug-ins placed on third-party websites.

The reaction from other data protection authorities

Following the order above, the privacy authorities of The Netherlands, France, Spain, Hamburg and Belgium issued a joint statement in which they declared to expect

Facebook to comply with these orders in all territories of the EU as a means of contributing to ensure consistency with the requirements of the European Directive 95/46/EC and Directive 2002/58/EC, as amended by Directive 2009/136/EC. This statement is without prejudice to the ongoing national investigations and to measures that could consequently be imposed upon Facebook. The measures adopted by Facebook should not bring undue prejudice to the internet user.

This statement puts Facebook in a quite uncomfortable situation in the usage of such cookies throughout the European Union.

What happens to other social media and websites?

What has been underestimated is the potential effect for other social media, search engines and any type of website. If the position taken by the Belgian court shows the view of all the European data protection authorities, the practice of tracking individuals that are not registered users of a site might soon become prohibited to any website. And this might have a relevant impact for advertising strategies that rely on the collection of big data relating to users’ behavior.

The approach adopted by the Italian privacy authority on cookies is quite forward looking. Indeed, according to the guidelines recently issued, websites are required to implement two levels of privacy information notices. And the goal of such notices is to make users aware of both the website’s own cookies and third parties’ cookies distinguishing between technical and marketing cookies.


Don't miss our weekly insights

Show More

Giulio Coraggio

I am the head of the Italian Technology sector and the global head of the IoT and Gaming and Gambling groups at the world-leading law firm DLA Piper. IoT and artificial intelligence influencer and FinTech and blockchain expert, finding solutions to what's next for our clients' success.

Related Articles

Back to top button