Wednesday, 19 October 2011

Facebook criticised over post-logout cookies & data sharing

The social networking website Facebook is under attack in the US over allegedly tracking users' online behaviour after they have logged out and a practice known as 'frictionless sharing'.

On 28 September, Chicago-based law firm Perrin Aikens Davis filed a lawsuit against Facebook, asking a California court to end the use of 'post-logout cookies' on the grounds of alleged violations of federal wiretapping and computer fraud. Facebook has admitted it uses cookies that remain active even after logging out, but said 'it does not store or use [that] cookie data for tracking'. A statement industry experts find hard to believe. 

Nik Cubrilovic, the Australian technologist who exposed Facebook's use of 'post-logout cookies', said: "With my browser logged out of Facebook, whenever I visit any page with a Facebook like or share button, or any other widget, the information is still being sent to Facebook." Some members of the US Congress have urged the US Federal Trade Commission (FTC) to investigate Facebook's use of these cookies. 

In the same week, on 29 September, a collection of advocacy groups asked the FTC to outlaw 'frictionless sharing', a practice in which apps from services and publishers can publish users' activity to their wall, without asking for permission for every post. Mark Rotenberg, Director of the Electronic Privacy Information Centre, called the practice a 'massive invasion of privacy'.

Published previously in the October issue of E-Commerce Law & Policy, London 2011. Copyrights apply at all times.