Google and Facebook could be surreptitiously looking over your shoulder if you have been on a number of municipal websites.
Information compiled by Ingeniøren reveals that 20 out of 85 municipal websites share everything from ‘likes’ to advertising cookies before the user has had a chance to decline them.
READ ALSO: Danish Data Protection Agency overwhelmed by GDPR cases
This is clearly against the new EU data protection law introduced in the spring, which was designed to toughen up requirements regarding the protection of personal data.
“When a public website contacts Facebook and reveals that this or that citizen has visited the site, then I don’t think it is in the interests of society at large or part of a legitimate cause,” Catrine Søndergaard Byrne, a lawyer dealing with personal data issues at Labora Legal, told Ingeniøren.
“In fact it is quite the contrary and a clear breach of the data protection laws,” she added.
Caveat emptor
Facebook was recently fined by the UK Data Protection Agency for not sufficiently protecting the data of 87 million users that was harvested and used by the political consultancy firm Cambridge Analytica.
“With what we now know about Facebook, the authorities must take this into consideration when they co-operate with them,” Byrne cautioned.
READ ALSO: Google may have violated Denmark’s data storage laws
Fifteen of the websites looked at used social plug-ins that allow users to ‘like’ and ‘share’ content, but also allow companies such as Facebook to look over their shoulders.
However, some municipalities have not been aware of the problem before now.
“When we went to our supplier, we ordered a website that satisfied all the legal requirements, so of course it is our responsibility, but we were acting in good faith because we didn’t get the product we ordered,” said Ulla Baden, a spokesperson for Gladsaxe Municipality.
Ignorance no defence
This defence doesn’t carry much weight with the IT Political Association of Denmark. The chair of the organisation, Jesper Lund, said “this kind of tracking on official websites has to stop and if the authorities don’t know what a plug-in does, then they should just not use it. It’s as simple as that.”
Venstre’s IT spokesperson Torsten Schack agreed. “It is extremely problematic because if this can happen without anyone having really given the matter much thought, then one might be concerned about what other things there is no control over,” he said.