Please enter a search term below:
Here we’ll specifically look at Facebook advertising, because unless you’ve been living under a rock for the last month or two, Facebook has had a pretty woeful time in terms of data handling recently. Facebook is also a slightly different beast in that it is both a data controller and a data processor. But of course, GDPR legislation affects any other digital advertising partner you may use, such as Google or Bing.
The TL;DR of this is that as an advertiser or owner of a Facebook advertising account, you need to be doing exactly what Facebook is doing, ensuring a relevant legal basis for the use of customer data. And you’re solely responsible for ensuring GDPR compliance when you are the data controller, so no trying to blame Facebook if you’re not ready in time for May 25th!
Now let’s get into the good stuff…
Existing Customer Data
As many advertisers do, you’ve probably uploaded a customer list into Facebook Ads to better target your ads and make them more relevant to your customer base. If you have done this, GDPR requires that data is only held for as long as is necessary for the purposes that it was collected for, and that data subjects are informed of the retention period.
So, if you have a data list in your Facebook Ads account that don’t meet GDPR requirements, i.e. you have no traceability of consent, and/or the list is no longer relevant for advertising use, these need to go before May 25th.
Moving forward, it’s necessary that you have a clear legal basis for collecting the data and make sure the users of the data you’re collecting are aware how long you’ll hold that data for.
Facebook is also in the process of creating a Custom Audiences Permissions Tool that will require user consent confirmation.
Not much about this needs to change. If you’re using Facebook Pixel, you have GDPR obligations, and Facebook lists the following as instances in which you’ll need to obtain user consent:
• A Facebook advertiser who installs the Facebook or Atlas pixel on its website in order to measure ad conversions or retarget advertisements on Facebook”
Acquiring consent is fairly simple. You’ll just need to inform site users how and why you’re tracking their data. The easiest way to do this is through a cookie bar that you see on a growing number of websites today.
Both Instagram and Whatsapp are in the Facebook family and so fall under the same GDPR compliancy terms as Facebook. Instagram adverts created through the Facebook ads programme won’t require any extra work. No worries there!
Feel free to give us a ring for a conversation about GDPR and your digital advertising.
By Jess Buckley