CookieLaw Blog November 10, 2015

Facebook Facing Daily 250K Euro Cookie Fines

Yesterday (10th November) a Belgian court ordered Facebook to stop tracking some non-members across the web.  The social media giant was given 2 days to comply, or be issued fines of 250,000 euros per day.

This is undoubtedly the most significant enforcement action taken against any company for the use of cookies without consent, and shows the increased appetite in Europe for privacy law enforcement, which we have seen building for the last two years or more.

The case revolves around Facebook’s ‘datr’ cookie, and in particular its use of the cookie with visitors who have not signed up to the service, and therefore have not agreed to Facebook’s terms and conditions or cookie policy.

This cookie can be set on a visitor’s browser when visiting some parts of the site, like company pages, without logging in to the service.  Crucially this cookie is then also read by Facebook on subsequent visits to any website that uses the sharing tools, such as the ‘Like’ button.  This can happen even without clicking on the button.

The judge in this case has ruled that the datr cookie amounts to personal data.  Its use potentially allows Facebook to track individuals across any one of millions of sites, building up a profile.

The ruling has determined that this is not permissible under Belgian law, unless Facebook has explicit consent.

Facebook will of course appeal the decision.  It has previously argued that Belgian courts have no jurisdiction as its European operations are centred in Ireland, and therefore subject to Irish law.

Of course Facebook is not the only company that tracks individuals around the web in this way – much of the advertising on the web relies on this kind of data use.  However these kind of practices are coming under increasing pressure and scrutiny from regulators and privacy advocates.

However this case turns out, it is yet further evidence that the rules around consent for cookies, and particularly tracking or third parties cookies, are likely to become increasingly used by regulators.  We will certainly be keeping a close eye on events.

As the practices are common across almost all major websites, every business with an online presence needs to pay attention to this, and make sure they are compliant.  Regular auditing of all sites is an absolute must – but making sure you can show you are getting meaningful consent from users is vital too.

Recent Posts

January 13, 2017
Future of EU Cookie Compliance Webinar: ...

GDPR and now the proposed E-Privacy Regulation mean a stricter regime for cookie compliance, web governance and use of online tracking technologies. Join p...

View Article
Recent blog thumbnail
December 14, 2016
Draft EU ePrivacy Regulation Leaked...

A draft of the proposed legislation to replace the outdated EU ePrivacy Directive was leaked on the (PDF) website this week. The proposal is fo...

View Article
Recent blog thumbnail
November 3, 2016
GDPR Compliance Means Cookie Notices Mus...

Are you one of those people that ticked the cookie law box ages ago and not thought about it since? Well the game has changed and now is the time to re-vis...

View Article
Recent blog thumbnail
September 21, 2016
Optanon Acquired by OneTrust...

We are pleased to announce that Optanon, along with parent company Governor Technology, has been acquired by OneTrust....

View Article

Be in the Know

Subscribe to our newsletter

Onetrust All Rights Reserved