The bug caused the company to place cookies – a common way to track people’s online browsing habits – on web browsers.
In a blog post, Richard Allan, Facebook’s vice president for policy in Europe, said the tracking was "inadvertent" and the company has begun working toward a fix.
"Our practice is not to place cookies on the browsers of people who have visited sites with Social Plugins but who have never visited Facebook.com to sign up for an account," Allan stated.
The bug was discovered by a group of researchers tasked by Belgian privacy regulators with analyzing Facebook’s new terms and policies – rolled out in January – which some allege violate users’ privacy rights.
As a part of its new policies and terms, Facebook authorizes itself to track its users across websites and devices, use profile pictures for both commercial and non-commercial purposes, and collect information about its users’ whereabouts on a continuous basis.
The only recourse for any of Facebook’s more than one billion users who objected to the changes was to leave the social media site.
A final report by the Belgian watchdog group claimed that Facebook's tracking methods and contract terms violated European law, while its opt-out mechanism for behavioral advertising didn't allow users to provide legally valid consent.
Allan, Facebook’s VP for European policy, responded in his blog post by saying the group of Belgian researchers reached the wrong conclusions.
"The report gets it wrong multiple times in asserting how Facebook uses information to provide our service to more than a billion people around the world," he wrote.
He went on to reiterate that Facebook follows all applicable laws and publishes audits by their European privacy regulator, the Irish Data Protection Commissioner.