Full Spectrum Agency
Share the Geekness
Facebook Ads and GDPR

Facebook Ads and GDPR

So where do you stand with Facebook Ads and GDPR… If it wasn’t bad enough that people are confused about the Re-opt-in vs opt-out stuff going on (see this pretty decent blog post)

GDPR is shaking up marketing… But seriously if they were going to approach EVERY single small business who didn’t quite get it then we’d all be in trouble…

Here’s the thing, it’s an interpretive legislation… Which means everyone can interpret it differently…

So there are loads of ‘experts’ out there giving different advice…

Here’s what I’ve figured out about GDPR and Facebook Ads…

Disclaimer: I am by no means a GDPR expert and don’t claim to be one… All information provided is to the best of my knowledge, but you should do your own research before making any decisions that could impact your business.

GDPR and Facebook Ads

Firstly we need to make a quick distinction between the data controller and data processor…

Data controller 

Is essentially the person who is responsible for the control of the data and deciding how it is processed

Data processor 

Is the person responsible for processing the data on behalf of the data controller

For more information click here 

Why is this important for the Facebook pixel?

Well when you place the Facebook pixel on your site, Facebook is the data controller (you are the data processor)...

This means they have responsibility for informing your visitors of how their data is being processed…  

You don’t get out of it that easily though…

If you have a Facebook Pixel on your site you need to make it clear in your Privacy Policy AND people need to consent to it…

This is the addition I’ve used to my privacy policy (please check with your legal representative before making any changes to your privacy policy)

Furthermore, you need to get consent from people visiting your site.

You can use a cookie bar for that… Which is essentially a banner that pops up and asks for consent before continuing to browse…

If you’re using WordPress you can get a plugin to do it here 

It’s important to note that automatic pop-ups are actually banned on landing pages used for Facebook Ads… And as yet Facebook hasn’t confirmed or denied where cookie bars fit.

So what about GDPR and custom audiences

Firstly what is a custom audience… A custom audience is an audience of people on Facebook Ads, who have been identified because of a certain action. If that action is on your website (using the Facebook pixel) or watching a video on Facebook then Facebook remains the data controller…

If, however, you upload a list to Facebook as a custom audience or upload offline events then that makes YOU the data controller and Facebook the data processor… So you’re responsible for complying with GDPR on the data (i.e. the email list) before you upload it to Facebook…

What’s stopping loads of unethical list sharing?

Funnily enough Facebook is in the process of creating a Custom Audience permission https://techcrunch.com/2018/03/31/custom-audiences-certification/  tool which essentially asks you to confirm whether the data is legit or not…

Other controls

Facebook is also putting in a number of other measures to protect user data. Such as Face recognition… Permission-based marketing where Facebook directly asks the user if they’re happy for their data to be used to send targeted ads. 


Lead generation with GDPR

So if you’re using Facebook Ads for lead generation, then GDPR can make things a little more tricky… You HAVE TO GET CONSENT for data to be used for marketing purposes…

Which means that if someone downloads your lead magnet and you continue to market them without consent then you are non-compliant. But they MUST still be allowed to receive the lead magnet.

Essentially stopping a lot of traditional get this lead magnet and I’ll keep marketing to you strategies.

A lot of people are promoting check-boxes and or double opt-ins alternatively you MUST word it in your ad or landing page instead of

Download this FREE ‘funky lead magnet’


Join the mailing list and receive this FREE ‘funky lead magnet’

It’s a subtle difference but an important one…

Click here for a great resource from the ICO on Marketing under GDPR.

Final Thoughts

GDPR is going change a lot of how things are done online…  It’s important you know the regulations and understand how they change the landscape of internet marketing and specifically, Facebook Ads.

It’s designed to cut out bad practices, such as emails without unsubscribe links… If you’re doing everything you can to ensure compliance you should be alright.

Further Reading

Here’s some excellent links I recommend you check out:

ICO’s GDPR guidelines for small businesses https://ico.org.uk/for-organisations/business/

ICO’s guide for marketing https://ico.org.uk/media/for-organisations/documents/1555/direct-marketing-guidance.pdf

Register with ICO https://ico.org.uk/for-organisations/register/

Facebook on GDPR https://www.facebook.com/business/gdpr

Facebook’s guide to consent - https://developers.facebook.com/docs/privacy

Facebook latest news https://newsroom.fb.com/

About the Author Martin Jolley-Jarvis

Facebook Ads and general all round marketing super geek. Loves facts, figures and metrics... If it's important then track it in a spreadsheet. Also drinks tea by the gallon, especially green tea... It's amazing he isn't the colour of the incredible hulk...