You may have seen the news this week where Belgium’s data protection authority declared that Facebook “tramples on European and Belgian privacy laws“. In other news, the Pope was found to be Catholic and a bear was spotted having his morning constitutional in the woods.
Focusing particular attention to social sharing plugins, the unusually strongly worded report (.pdf, 460kb) announced “it’s make or break time” for Facebook to comply with EU data protection norms. Belgium ordered Facebook to stop tracking the internet activities of people who have not registered with the site or have logged out. The fact that Facebook tracks non-users has been known for five years, but has received a curious amount of publicity recently, possibly as leverage for the Schrems case.
Within its report the Belgian data authority offered specific guidance for webmasters and web site owners regarding social sharing buttons, which are seen to be the means by which Facebook conducts some its worst abuses of privacy:
To Website Owners
This should give any web site owner, webmaster, or developer pause. We have now gone from one extreme – the initial implementation of the cookie law, where people who have never written a line of code in their lives told you how to reprogram your web sites – to the other extreme, where a government has requested use of a specific plugin. True, it’s an open source plugin, so no provider – unlike certain other web laws – has a financial interest here, but it is a big ask to rest a nation’s data security in the hands of a forked side project. Indeed, what if you don’t add that particular plugin, or lack the technical nous to do it yourself? Will Belgium’s privacy watchdog label you guilty by association?
The 99.9% of web site owners and webmasters who are doing absolutely nothing wrong are, once again, at risk of being seen to condone Facebook’s contempt for privacy for merely activating Jetpack. Regardless of the two-step plugin’s merits, or any successful outcomes it might help to bring about, this is wrong.
Additionally, with all due respect to Belgium, it is one small member state within a highly mobile and interconnected continent. As the suggestions are only applicable to Belgian web sites, total national compliance could only ever be a drop of water in an ocean.
Facebook is absolutely in the wrong but this is not the way to make it right. Belgium’s ruling is yet another example of the entire web community being punished for the misconduct of a few. We should not have to be compelled to patch in fixes, workarounds, and hacks to get around one particular company‘s contemptuous relationship with privacy. It really is time for Facebook to clean up their own mess.