Privacy groups call for FTC probe into Facebook’s new ad-tracking partnership

The calls for an investigation come after the Financial Times reported that Facebook is pairing up with Datalogix to track whether people who see ads for products on the social networking site actually go out and buy them in stores. To do this, the Times said, Datalogix will match up email addresses and other information from loyalty cards and programs at more than 1,000 retailers with Facebook account data to measure the performance of the ads.

“In spite of the consent order, Facebook is allowing Datalogix, a consumer-analytics firm, to match the personal information of Facebook users with personal information held by Datalogix to track Facebook users’ offline commercial activity,” representatives from EPIC and CDD wrote in the letter to the FTC.

Through this partnership, EPIC and CDD argue that Facebook is breaking its commitment to obtain “express consent” from a user before it shares information with a third party that goes further than the privacy settings that user chose for their account.

This data-sharing partnership also skirts Facebook’s promise to not misrepresent how it maintains the privacy and security of user information, the groups said.

EPIC and CDD caution against the mechanisms Facebook has in place to keep the data it’s sharing with Datalogix anonymous. For instance, they argue that the process used to opt out of the data-sharing between Facebook and Datalogix is “confusing and ineffective.”

To opt out, users have to click on link in Datalogix’s privacy policy, after which the company will place a tracking file, known as a “cookie,” on the user’s browser to mark that they want to remain anonymous, according to the letter. But EPIC has warned that this method is ineffective because users often delete cookies from their browsers and “‘do not realize that this step in fact removes the record of their request to be anonymous.'”

The groups also note that email addresses are among the types of information shared as part of the arrangement, yet “an email address that has been restricted by a Facebook user is considered ‘nonpublic user information’ that cannot be ‘shared’ with a third party without the user’s consent.”

In response to EPIC and CDD’s letter, Facebook said in a statement that it is “confident that we are in compliance with our legal obligations.”

A company spokesman said earlier this week that the social network tracks the performance of ads through its own advertising tool and partnerships with Nielsen and ComScore. The spokesman also added that it does not “sell people’s personal information, and individual user data is not shared between Facebook, Datalogix or advertisers.”