Facebook will contest the Brussels court verdict which threatens “one of our important technologies to stop attackers”.
Facebook is to appeal against a Brussels court ruling on Monday which gives it 48 hours to stop tracking non-members who visit its site, or pay daily fines of up to €250,000 (£175,000).
The verdict is a victory for Belgium's privacy watchdog in a long-running battle with Facebook over its ‘Datr' tracking cookie. Datr in installed without permission whenever anyone, even non-members, visit the social network's site or click a Facebook ‘like' button on other sites. It then tracks their browser activity.
But Facebook has said it will appeal against the ruling, whose fines deadline runs out tomorrow (Wednesday). And its chief security officer Alex Stamos roundly criticised Belgium's Privacy Commission before the verdict, saying its actions threaten the security of Facebook's 1.5 billion members and go against the user security that data watchdogs should be defending.
The Brussels court has ruled Facebook must obtain explicit consent before using Datr to track and collect data on non-members in Belgium. "This is personal data, which Facebook can only use if the internet user expressly gives their consent, as Belgian privacy law dictates," it said in a statement. “If the Internet surfer has no Facebook account, then Facebook has to explicitly ask for permission, and give the required explanation.”
The court ordered Facebook “to stop tracking and registering internet usage by people who surf the internet in Belgium, in the 48 hours which follow this statement”. If it fails to comply, it will have to pay fines of up to £175,000 a day to the Belgian Privacy Commission.
The court also rejected Facebook's argument that it should answer only to the Irish Data Protection Commissioner, where its European headquarters are.
But Facebook's spokesperson confirmed in a statement: “We will appeal this decision and are working to minimise any disruption to people's access to Facebook in Belgium. We've used the Datr cookie for more than five years to keep Facebook secure for 1.5 billion people around the world."
And in a recent blog, Stamos insisted the actions of the Belgian Privacy Commission “could undermine our efforts to keep the accounts of people in Belgium safe”.
He said: “Most significantly, we use the Datr cookie to help differentiate legitimate visits to our website from illegitimate ones. We use the cookie for preventing the creation of fake and spammy accounts, reducing the risk of someone's account being taken over by someone else, protecting people's content from being stolen, and stopping DDoS attacks that could make our site inaccessible to people.”
But analysing the court case, independent UK data privacy expert Chris Boyd, malware intelligence analyst at Malwarebytes, said users are unlikely to agree with Facebook's stance.