We provide the technology stack needed to safely collect, process and use consumer data for marketing purposes. Our background is digital marketing, so relevance and performance is what we deliver.
As per today’s practices you can’t really help but using Facebook as part of your marketing strategy.
However, the question that arises since the 25th of May is who is responsible for obtaining consent.
In their FAQ section, Facebook says that according to their terms, companies implementing Facebook tools must comply with applicable laws when they use such tools. That means that companies operating in the EU should obtaining prior informed consent for the storing and access of cookies or other information on the end user’s device.
Who’s the controller and who’s the processor?
Facebook will act as a data controller when they spin off a lookalike audience based on your custom audience for instance, but it will act as a processor on your behalf when you place Facebook pixel on your website. These two situations are very common, but the latter implies that you must make sure you have a legal ground for processing that data (explicit consent from your website visitors).
“When you use the Facebook pixel, you have to comply with the GDPR. Our Terms provide that companies implementing our tools must comply with applicable laws when they use our tools. For companies operating in the EU, this includes having a valid legal basis to process data and under laws applying to cookies, obtaining prior informed consent for the storing of and access to cookies or other information on a person's device.”
Just keep in mind that if you have the Facebook pixel code installed on your website, you are responsible for getting consent to process user data before firing the pixel.
Georgiana Bedivan
Head of Compliance
We've struggled to understand GDPR so you won't have to. Learn from our experience →
Since everyone is scared by penalties, we wrote and asked the Romanian Data Protection Authority (ANSPDCP) some questions about how GDPR will apply to the online processing. Here's what they had to say...
The common misbelief is that compliance on digital properties equals cookie consent. But the truth is that GDPR is not about cookies, but about who set those cookies and what for.
Some have tried with cookie consent, others with implicit consent like "by continuing to use this website...", and others simply closed their sites to European citizens.
Consent is just one of six lawful bases to process personal data, as listed in the GDPR. It may not always be necessary, but when it is, you have to make sure it is properly obtained and stored.
Although GDPR’s definition of the two may seem simple and concise, marketers are still having a hard time trying to figure out who’s what, especially when it comes to automated processing technologies.
As site owners’ challenge these days is to ensure compliance on digital assets, you should know that most of the apps and technologies you use for marketing purposes do profiling.
Starting with May 25th, a lot of misinformation regarding GDPR has been spread so understanding the basic principles of this new regulation and how to get compliant proved to be overwhelming.
As per today’s practices you can’t really help but using Facebook as part of your marketing strategy.
However, the question that arises since the 25th of May is who is responsible for obtaining consent.