We all know that a privacy policy is mandatory under many privacy laws. Even if you run your business only on Facebook – without a website – you need to have a privacy policy available for your customers to read.
Here’s what Meta states on their Pages, Groups and Events Policies:
This is the updated quote:
Should you wish to collect content or information from people who interact with your Page, group or event (e.g. information obtained from a call-to-action button) you must first provide them with notice. People from whom you collect content or information must explicitly consent to your use of their data. You must clearly explain that you (and not Meta) are collecting this data.
In order to be compliant, your policy must be up-to-date, understandable, unambiguous, and easily accessible. Also, it has to:
See this privacy policy created with our generator for an example of how these elements come together. Click on the button to open the document:
Privacy PolicyAs explained in Facebook’s Data Policy under “How do we use this information?”, Meta also collects and uses information to provide analytics services called Page Insights to Page admins to help them understand how people interact with their Pages and the content associated with them.
Also, you should communicate your legal basis:
You should ensure that you also have a legal basis for the processing of Insights data. In addition to the information provided to data subjects by Meta Ireland via the Information about Page Insights, you should identify your own legal basis including the legitimate interests you pursue
You can create your own custom clause to disclose your use of Page Insights. Visit our page to learn more.
Most importantly, if GDPR applies to your situation, do not forget to mention on which legal base you are relying on in order to process statistical data. You can rely on any of the 6 legal bases provided under the GDPR.
As stated in the Page Insights Controller Addendum, Meta is taking on major responsibilities:
Unless specified otherwise in this Page Insights Addendum, between you and Meta Ireland, Meta Ireland assumes the responsibility for compliance with the applicable obligations under the GDPR for the processing of Insights data (including, but not limited to, Articles 12 and 13 GDPR, Articles 15 to 21 GDPR, Articles 33 and 34 GDPR). Meta Ireland will implement appropriate technical and organisational measures to ensure the security of the processing in accordance with Article 32 GDPR.
The processing of personal data for Page Insights might be subject to the joint controllership arrangement: basically, if you’re a Facebook Page admin, both you and Meta are responsible for complying with the GDPR in relation to Meta’s Page Insights service.
In any case, there is no need to add a joint controller statement, since Meta takes care of this aspect:
Meta Ireland will make the essence of this Page Insights Addendum available to data subjects (Article 26(2) GDPR). This is currently done via the Information about Page Insights data which can be accessed from all Pages.
If you need assistance with regard to a request in accordance with the Page Insights Controller Addendum, you can submit this form:
In fact, on the Page Insights Controller Addendum Meta says:
If data subjects exercise their rights under the GDPR with regard to the processing of Insights data against you (Article 26(3) GDPR), or you are contacted by a supervisory authority with regard to the processing of Insights data, each a “request”, you will forward all relevant information regarding such requests to us promptly but within a maximum of seven calendar days. For this purpose, you can submit this form. Meta Ireland agrees to answer requests from data subjects in accordance with our obligations under this Page Insights Addendum. You agree to take all reasonable endeavours in a timely manner to cooperate with us in answering any such request. You are not authorised to act or answer on Meta Ireland’s behalf.
Facebook allows you to link to your privacy policy on your page: click on About > Edit Privacy Policy to enter your privacy policy link.
Our Privacy and Cookie Policy Generator makes it easy to create a privacy policy (also) for Facebook pages: with hundreds of pre-crafted clauses, our generator lets you easily include all elements commonly required across many regions and third-party services, while applying the strictest standards by default – giving you the option to fully customize as needed.
All our policies are created by lawyers, monitored by our lawyers and hosted on our servers to ensure that they are always up-to-date with the latest legal changes and third-party requirements.
