U.S. and EU privacy and consumer groups called on privacy regulators to stop Facebook's plans to gather the Internet browsing patterns of its users while they visit other sites.
The groups, gathered in the Transatlantic Consumer Dialogue (TACD) asked the U.S. Federal Trade Commission (FTC) and the Irish Data Protection Commissioner (DPC) to stop Facebook collecting the web browsing activities of Internet users in order to target advertising. They made the request in a letter sent to the authorities on Tuesday. Facebook's European headquarters is in Ireland, giving the Irish data protection commissioner responsibility for defending its European users' personal data and privacy rights under EU law.
The privacy groups expressed "deep alarm" about Facebook's June announcement that it would start tracking information from some of the websites and apps its users are visiting in order to serve more relevant ads.
At the time, Facebook said: "When we ask people about our ads, one of the top things they tell us is that they want to see ads that are more relevant to their interests," the company said at the time, adding that in the U.S. it would "soon" start tracking users' off-site surfing behavior. Anyone who doesn't want to be tracked can opt out via the Digital Advertising Alliance website.
But on Tuesday the groups said: "Facebook already installs cookies and pixel tags on users' computers to track browsing activity on Facebook.com and Facebook apps. If Facebook is permitted to expand its data collection practices, those cookies and pixel tags will also track users' browsing activity on any website that includes a few lines of Facebook code."
Authorities should "act immediately to notify the company that it must suspend its proposed change in business practices to determine whether it complies with current U.S. and EU law," the groups said, asking the authorities to make any findings public so they can be reviewed.
In the past, Facebook has stated it does not track users across the web and said no information received when users see a Facebook social plugin on a third party website is used to target ads, the groups said. However, Facebook's proposed data collection expansion directly contradicts its previous statements, they said.
Facebook's proposed use of pixel tags to track users is almost identical to its 2007 Beacon program. Within that advertising program, 1x1 pixel GIF tags were used to track users' browsing history on non-Facebook websites and to transmit that information to Facebook's own servers, they said.
That program was abandoned by Facebook after users protested and filed a class-action lawsuit in the U.S. for privacy violations. In the wake of the uproar, Facebook apologized and admitted the program had been a mistake.
The groups also called on the FTC to examine whether Facebook's change in business practices violates a 2012 consent order between it and the FTC in a case involving the company's repeated sharing of information its users had asked to keep private. In that order Facebook agreed not to misrepresent the extent to which it maintains the privacy or security of covered information, while this change is misleading users, the groups said.
Moreover, the groups say, when users must go to a separate website in order to opt out of the new program, they have not given their "affirmative express consent" -- something required by the FTC's consent order. Opting out involves downloading an opt-out cookie to override the Facebook collection cookie, which has the effect of punishing the users who are most diligent about their privacy because the minute users clear their cookies, they also delete the opt-out preference, the groups said.
They also asked the Irish DPC how this "new vast expansion of the social network's data collection and user profiling" could have been allowed to go forward in the light of the DPC's investigation of Facebook's privacy practices. After that investigation, which led to the DPC recommending further actions, Facebook made a series of commitments to improve its privacy practices in the EU.
"We respectfully call on you to take the appropriate action, order Facebook to reverse its new data collection practice, and develop public accountability mechanisms for the company to ensure it is complying with required privacy practices," the groups said.
Facebook did not immediately respond to a request for comment.
Loek is Amsterdam Correspondent and covers online privacy, intellectual property, open-source and online payment issues for the IDG News Service. Follow him on Twitter at @loekessers or email tips and comments to firstname.lastname@example.org
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.