Facebook has said that it will appeal the ruling, claiming that since their european headquarters are situated in Ireland, they should only be bound by the Irish Data Protection Regulator.
Facebook’s chief of security Alex Stamos has posted an explanation about why non-Facebook users are tracked when they visit the site.
The tracking issue centres around the creation of a “cookie” called “datr” whenever anyone visits a Facebook page. This cookie contains an identification number that identifies the same browser returning each time to different Facebook pages. Once created, the cookie will last 2 years unless the user explicitly deletes it. The cookie is created for all visitors to Facebook, irrespective of whether they are a Facebook user or even whether they are logged into Facebook at the time.
According to Stamos, the measure is needed to:
Prevent the creation of fake and spammy accounts
Reduce the risk of someone’s account being taken over by someone else
Protect people’s content from being stolen
Stopping denial of service attacks against Facebook