Given a commercial website
buy.com and a user with a Facebook account in
facebook.com, the user has third-party cookies disabled in the browser.
If a user is logged in their Facebook account and visits
facebook.com, Facebook can set first-party cookies for
Now the user visits
buy.com, the site uses a web beacon with an
<img> tag with
src pointing to a
Can the user can still be tracked and a retargeting campaign can happen without consent?
Assumption is that the request from the
<img> tag on the
buy.com site, sends info about the visit on the URL and is able to trace it back to the original user thanks to the first-party cookies that were set by the visit to Facebook and get resent on the request for the web beacon even from a different domain. Is that correct?