The most alarming claims in the report were that Facebook places a cookie on users' PCs whenever they visit Facebook.com, regardless of whether they have an account or not.
Another was that users who subsequently visit one of 13 million sites featuring Facebook social plug-ins, such as a "Like" button, will have information sent back to the company.
The company wrote: "[This] is not our practice. However, the researchers did find a bug that may have sent cookies to some people when they weren’t on Facebook. This was not our intention — a fix for this is already under way."
Facebook went on to explain the researchers had found a "few instances" of cookies being placed, but described these as "individual cases.".
Facebook did not give any further information about the bug. The company also admitted it does receive "web impressions" when consumers visit a web page featuring one of its social plug-ins, but claimed this didn't count as tracking.
It also claimed that when users opt out of tracking, Facebook no longer uses their information for ad targeting on any device.
Elsewhere in Europe, Facebook is facing a major privacy battle after 25,000 users brought a class-action suit against the company for multiple privacy violations.
Austrian privacy activist Max Schrems has brought the suit against Facebook, with the support of thousands of other European Facebook users. They pointed to Facebook tracking users across the web through social plug-ins as a privacy infraction.
The social network is looking to block the case.
This article first appeared on marketingmagazine.co.uk.