Belgian Appeal Strikes Down Facebook Privacy Ruling

The appeal annuls a ruling that had prompted Facebook to block access to its Belgian site for non-users

Facebook has won an appeal against a Belgian court ruling that could have exposed it to massive fines for alleged violations of users’ privacy.

Last November a court ruled in favour of Belgium’s Commission for the Protection of Privacy (CPP) over Facebook’s use of cookies to track the online activities of both users and non-users alike, including those who had never visited the social network.

security and privacy

Daily fines

Facebook stood to be fined 250,000 euros ($277,800) a day for non-compliance with the ruling, prompting it to block access to the Belgian site for all non-users.

The company said the code in question, known as the “datr” cookie, is used to protect the service’s security, and that blocking all non-users was the only way it could comply with the terms of the ruling without compromising users’ safety.

Facebook appealed on the grounds that the Belgian court doesn’t have jurisdiction over its data centres, which are based in Ireland, and the Brussels Court of Appeal this week ruled in the company’s favour.

“Belgian courts don’t have international jurisdiction over Facebook Ireland, where the data concerning Europe is processed,” the court said in its ruling.

‘Massive violations of privacy’

The court also threw out the Belgian commission’s argument that the case was urgent and required an expedited procedure.

The ruling leaves Facebook free to allow access to the Belgian site to non-users, and to continue tracking their activity with the cookie in question.

“We are pleased with the court’s decision and look forward to bringing all our services back online for people in Belgium,” the company stated.

The Belgian regulator said it will consider an appeal, but would focus on a separate case that examines the use of cookie-based tracking for both users and non-users.

“Today’s decision means simply that the Belgian citizen cannot obtain privacy protection through the courts when it comes to foreign players,” said CPP president Willem Debeuckelaere in a statement.. “Belgians are thus exposed to massive violations of privacy.”

The datr cookie is used not only in Facebook’s web pages, but also in the code for displaying “Like” buttons on a wide range of websites, meaning anyone who visits those sites, too, could be tracked.

Facebook’s storage and processing of users’ data has frequently caused concern in Europe, and last year prompted the Court of Justice of the European Union (CJEU) to invalidate the Safe Harbour data-sharing agreement that had authorised Facebook and other companies to transfer users’ data to the US.

That ruling came amid revelations of mass data collections of such data by US authorities for the purposes of surveillance.

Are you a security pro? Try our quiz!