In Facebook's latest attempt to prove the efficacy of advertiser dollars, the 950 million-member site will begin tracking what its American users buy in offline stores even as it phases out its controversial facial-recognition feature in Europe.

Although they are separate pieces of technology, the two programs raise concerns about privacy and about just how much of themselves, their tastes and their behavior social-network users are willing to put into the hands of engineers and marketing executives.

Face plant

Criticism from data-protection regulators in Ireland and users all across Europe prompted an order from the European Union that Facebook drop its recently acquired facial-recognition technology in all EU member states. Facebook Europe is an Irish company.

Facebook's facial-recognition feature uses data from photos in which individuals have already been tagged to make suggestions for tagging similar-looking individuals in new ones. In a sense, Facebook "knows" what you look like and can identify you and your friends with remarkable accuracy. 

The EU said the social network needs to ratchet up its privacy-protection efforts before the "Tag Suggest" feature will be allowed back on the pages of European residents.

The campaign for Tag Suggest's ouster in Europe began when Max Schrems, an Austrian student, received a 1,200-page document about himself from Facebook after he had requested a copy of all the data the company kept on him. [11 Facebook Privacy Steps to Take Now]

In the document, Schrems found he had been automatically tagged by the facial-recognition software without his assent. The document has also been pointed to as evidence that photos and comments aren't actually deleted from Facebook, even when users think they are.

Photos and activities stay on Facebook's servers for at least 30 days after they've been "deleted" by users, if they're ever totally purged at all.

Ireland's Data Protection Commissioner (DPC), who was charged with reviewing Facebook's privacy policies by the EU, suggested a total of 45 changes and has asked the company to get rid of facial profiles created by the facial-recognition software by the middle of October.

The social network acquired the face-recognition technology in June when it bought, an Israeli company that had already worked with the Menlo Park., Calif., site for two years.

Facebook constantly walks the tightrope between satisfying its users and its customers, whose desires and goals are often opposed. Users want privacy and a clean interface, while advertisers seek prime placement, personal information and behavioral data to better target their marketing campaigns.

Facebook users have accused the social behemoth of behaving in a cavalier fashion when it comes to protecting user data. The site has also come under fire for offering controversial marketing tools to advertisers, such as "sponsored" newsfeed items that places a person's name and face next to an advertiser that that person "likes" without his or her knowledge or permission.

Data hungry

Months after an initial public offering that CEO Mark Zuckerberg said has "obviously been disappointing," Facebook is trying another tactic as it continues to make the case that ads on its widely used platform, as well as the ads it sells on other sites, are a worthwhile investment.

The company is partnering with the marketing-research company Datalogix in an attempt to prove a direct correlation between the ads a user sees and the products they buy.

Datalogix buys information gleaned from gift cards and loyalty programs that paint a picture of consumption for some 70 million American households shopping at over 1,000 retailers. According to the Financial Times, which broke the story of the Facebook partnership, Datalogix also "creates incredibly detailed profiles of nearly every US household," including the sort of financial information most people wouldn't tell their neighbors.

By comparing this data about individual shoppers with Facebook's information about the same people, Datalogix can determine whether or not a user purchased a particular product in a brick-and-mortar store after seeing an ad for it on Facebook.

According to Facebook, the program is working. The company said that out of the 45 ad campaigns that have been analyzed using Datalogix, 70 percent made $3 in sales for every dollar they spent on Facebook's marketing products.

While that's strong proof that Facebook ads are effective, not everyone is pleased about all the data matching.

The correlated data Facebook receives from Datalogix, and then hands off to advertisers, is anonymized. User data is reported statistically, not individually.

In reports to Facebook and its advertisers, Datalogix splits users who bought a particular product into groups of those who did and didn't see an ad. They do not provide Facebook with consumer information about particular individuals or households.

But at some point in the information-sharing chain, the data is not anonymous at all. In order for Datalogix's service to work, it and Facebook must match real information each holds about real individuals, such as their email addresses, to properly cross-reference their data sets.

Between Facebook and Datalogix, the companies know who you are, where you live, what you're worth, how much you owe and what you drive. If you've got a Facebook app on your smartphone, they could also find out where you are at any given moment.

The Financial Times said privacy advocates are concerned about whether the new practice violates a $9.5 million settlement between Facebook and the U.S. Federal Trade Commission after Facebook was caught deceiving users about privacy practices.

It's not clear when the partnership between Datalogix and Facebook began, but the move was not announced to users, nor were users given a chance to opt out of the program.

In order to be excluded from this data-culling practice, users have to visit the Datalogix site, where they are offered a link that presumably clears their Datalogix browser cookies in a single click. The link leads to a page that tells you that you have "successfully opted out of Datalogix cookie-enabled online advertising."

However, the first result in a Google search for "Datalogix opt out" brings the user to the same completion page. There is no prompt to enter an email address or any other personal information.

Facebook has a history of rolling out new metrics or features that change user privacy without notifying users or giving them the option of opting out.

According to Facebook, an independent monitor is auditing its data-use practices.

Related on SecurityNewsDaily:

Copyright 2012 SecurityNewsDaily, a TechMediaNetwork company. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.