A German data protection authority contends Facebook is tracking users even after they delete their accounts, and it wants the company to respond to this potential privacy violation by Monday.
Caspar said if users do not give their consent, Facebook should delete information it has stored, in accordance with European privacy regulations. If the discussions break down, the Hamburg DPA will pursue legal options, Caspar said. The agency has the power to levy fines.
The agency concluded that Facebook does not need to leave persistent cookies on a person's computer, some of which remain for up to two years even if they delete their accounts, Caspar said. "Our investigation gave no reason for the setting of cookies," he said.
But cookies can easily be deleted in web browsers. Firefox has a setting, for example, to delete cookies once the web browser is closed, effectively foiling efforts to collect consistent information from a computer.
Other measures can also be used to foil data collection, such as the use VPNs, which can make a computer appear to have an IP address in, say, China, when the computer is actually in the UK.
Hamburg's DPA has another outstanding issue with Facebook. It is still awaiting a response from the company about its facial recognition feature that automatically identifies a person's friends and suggests their name. The agency believe that users should have to give their consent before Facebook's systems store and study their faces to enable the feature.