The social network allegedly tracks web browsing habits of anyone who visits a Facebook URL, even if they haven’t opted in or signed up for a Facebook account, according to a report.
The allegations suggest Facebook places cookies on a user’s PC if they visit any page on Facebook.com, whether they have an account or not.
And if a user subsequently visits a third-party site carrying a Facebook social plug-in - such as a ‘Like’ button – that will send information back to Facebook.
The report notes that Facebook social plug-ins feature on 13m sites.
The report alleges that Facebook’s current approach doesn’t meet the standards of consent set by current EU privacy law.
Root and branch check
Susan Hall, intellectual property partner at law firm Clarke Willmott, said marketers should carry out a "root and branch" review of their Facebook activity to ensure they were not breaching data protection laws.
She said: "App developers who link their platforms to Facebook will be affected, and will have to undertake a systematic review of their data protection compliance."
Facebook has strongly disputed the accusations, claiming "factual inaccuracies".
A spokesman said: "The authors have never contacted us, nor sought to clarify any assumptions upon which their report is based.
"We have explained in detail the inaccuracies in the earlier draft report (after it was published) directly to the Belgian [data protection authorities], who we understand commissioned it, and have offered to meet with them to explain why it is incorrect, but they have declined to meet or engage with us."
He added: "However, we remain willing to engage with them and hope they will be prepared to update their work in due course."