Over the past few days there has been renewed focus on how Facebook (and by extension Google and Google Plus) track the browsing habits and activities of both registered and non-registered users using, in Facebook’s case, the “Like” button.
Basically, whether you are registered on Facebook or not, clicking on the “Like” button on a site that has integrated Facebook’s Like Button creates a record that you have expressed a preference about that link. If you are a registered Facebook user, that is associated with your profile and forms part of the personally identifiable data Facebook holds about you. However, even if you are not registered Facebook your IP address is logged.
This data is then passed to servers outside the EU for processing and storage as part of Facebook’s database of user activity which is used as part of their media and advertising business.
The Data Protection Commissioner in the German province of Schleswig-Holstein has ruled that this is illegal under EU Law (specifically Directive 95/46/EC). However, under Facebook’s Privacy Policies the actual regulatory authority responsible for Facebook’s activities globally outside of the United States and Canada is the Irish Data Protection Commissioner, who has noted the German decision.
A complaint is to be lodged by an Austrian Privacy lobby group about Facebook to the Irish DPC, according to TheJournal.ie.
Much of the comments on the Journal.ie article are between people trying to explain how Facebook’s Like button actually works and the implications for personal privacy.
Perhaps this video produced by m’learned colleague Mr Hugh Jones for a competition run by the Irish Data Protection Commissioner and sponsored (ironically imho) by Google a few years ago might put things in context. The video is concerned with CCTV primarily, but switch the CCTV emphasis to tracking of what you are doing on-line and you’ll get the message.
(we can’t embed the video but the link is below)