Facebook bows to Belgian privacy ruling over cookies By Chris Baraniuk

Technology reporter Published duration 2 December 2015

image copyright Getty Images image caption Facebook plans to appeal against the ruling from the Belgian Privacy Commissioner

Facebook has said that it will respond to a privacy ruling in Belgium by requiring users to log in to view pages on the site.

The original ruling, made by the Belgian Privacy Commissioner (BPC) in November, relates to Facebook cookies that track the activity of non-users.

The company expects to receive an order this week, which it will contest.

But in the meantime, cookies will not be set for non-users and accounts will be needed to access content.

Cookies are text files, and some record the web activity of users. The one in question, which Facebook has named datr, can live in a web user's browser for two years.

Facebook has argued that the cookie provides better security for the site's members by preventing the creation of fake accounts, reducing the risk of accounts being hijacked, protecting users' content against theft and deterring denial-of-service attacks.

"We had hoped to address the BPC's concerns in a way that allowed us to continue using a security cookie that protected Belgian people from more than 33,000 takeover attempts in the past month," said a Facebook spokeswoman.

"We're disappointed we were unable to reach an agreement and now people will be required to log in or register for an account to see publicly available content on Facebook."

Cookie crunch

In a letter on Tuesday, the company told the BPC it would comply "fully" with the order as soon as it was received.

As well as blocking access to pages for non-users, datr cookies will no longer be set for non-users and existing cookies for such individuals will be deleted where possible.

Facebook also says it will implement cookies for users who are logged in to protect against certain attacks on its network.

"We continue to have significant concerns that requirements set forth during these proceedings in respect of cookie practices have not been applied fairly and equitably within Belgium to other internet services, as demonstrated in the reports we have submitted in the past," commented Facebook in the letter.

EU interest

"I think the other protection authorities all over Europe will be looking at this," said Paul Bernal, a privacy commentator and law lecturer at the University of East Anglia.

"Belgium isn't applying Belgian law, it's applying European law, so if they're applying it in Belgium why shouldn't they apply it everywhere in Europe?"

Dr Bernal added that while blocking access to pages for non-users might give added privacy protection to those individuals, it was likely there would be some disappointment among Belgian business owners, for example.

"[If] people cannot now find their Facebook pages [the business owners] will not be happy about it," he said.