Do you use Facebook Ads to advertise your content? Now is that advertising targeting Europe? If it is, there’s a pretty good chance you’re familiar with the General Data Protection Regulation (GDPR). Facebook recently released a notice on how the new GDPR standard will affect it’s platform.
Facebook’s release went over how it will affect advertisers and what you can do to prepare for the changes coming into effect on May 25, 2018. Let’s go into some detail on how this will effect the 3-million plus businesses that advertise on Facebook.
What is the GDPR?
Well, their own website says that it’s “the most important change in data privacy regulation in 20 years.”
So, if you’re based in the EU or offer your services/goods to those in the EU and you monitor and collect data from those customers in the EU, the GDPR is forcing you to be more transparent in what type of personal data you are collecting and what you do with it. Here’s the kicker, prospects (customers/users) must give their expressed consent in order for you to harvest and use that data.
Talk about a sweeping change, right? Now consumers have more power than ever before regarding their personal data (as they should – I mean, it’s their data, right?). For example, if they do not want you to have their data, you must respect their authority and comply (or be levied a heft fee, like 4% of global annual revenue).
What does facebook have to say?
By now, you’ve heard of all the Facebook news regarding Senators, Mark Zuckerberg, Data Privacy, etc etc. If you haven’t by now you probably live under a rock like Patrick.
So with all the news surrounding Facebook, they’ve been proactive and have made a strong push to be transparent regarding GDPR protections. Facebook is focusing on three commitments regarding consumer privacy: transparency, control, and accountability. While this sounds great, what does it actually mean?
Well, it’s pretty straightforward. Facebook is going to make it easier for people to figure out what Facebook knows about them based on the data they share on its platform. Facebook is also going to make a concerted effort to care more about how other (advertisers) handle the data.
So now that we understand what GDPR is and what Facebook has to say about it, let’s discuss how this specifically is going to impact your advertising.
What Do You Have To Do On Facebook Now?
Exactly what Facebook is doing. Simple as that. To use their platform, you must be compliant with their rules. Hey, I don’t make the rules, they do.
You will need to inform your prospects on what kinds of data you’re collecting, what you’re doing with it, and who will see it. If you’ve come to this website you probably saw a pop-up on the top bar informing you how we use your data. But if you have further questions on how to be compliant, check out the FAQ page on the EU website.
You need to ensure a “relevant legal basis for your use of consumer data.”
If you don’t become compliant by May 25th 2018, Facebook will have no sympathy for you as they state, “Each company is responsible for ensuring their own compliance with the GDPR, just as they are responsible for compliance with the laws that apply to them today.”
How Does This Effect The Facebook Pixel?
Short answer, it will. Anyone using the Facebook Pixel will have obligations under the GDPR. You can read more about examples where you will need to obtain consent from prospects from Facebook’s Cookie Consent Guide.
In layman’s terms, implementing a cookie bar (like this site) or requesting consent on sign up (like Facebook) are sure-fire ways to be in consent with the new GDPR standards.
Oh, and don’t forget about Instagram. Maybe you didn’t know this but Facebook owns Instagram (yes, they bought it). So, you’ll have to be just as compliant on Instagram as you will be on Facebook.
What About custom audiences?
This is where things get tricky. When you place the Facebook Pixel on your site, Facebook is the data controller (not you). This means that they are responsible for informing your prospects that their data is being processed and leveraged as targeting across their various properties.
However, when you upload a custom audience to Facebook, they are simply processing that data. Therefore, you will be responsible for complying with GDPR standards before that information is uploaded to Facebook. How? In the near future, Facebook will be implementing a Custom Audiences permission tool that will require you to provide proof that you required proof. What that proof looks like isn’t clear. However, you can guess that Facebook will be as transparent as possible to hold you accountable that the data harvested is in compliance with GDPR.
A quick note about Lead Ads: Facebook states that both you and Facebook are data controllers when it comes to Facebook Lead Ads. Therefore, you have a responsibility to let the consumers know how their data will be collected and used. Luckily, you can link to your privacy policy within the Lead Ad Setup.
If you want to advertise to the EU, you need to be GDPR compliant by May 25, 2018. Simple as that. Facebook will penalize you and potentially ban your Ad Accounts/Business Manager Accounts if you’re not. What if you’re only targeting the US? If you want to avoid the past few months that Facebook had, we recommend you make sure all your digital assets are GDPR compliant.