Facebook offers a variety of advertising services - one of these services is the Website Custom Audience which business owners are able to use to set up retargeting.
Retargeting (also known as remarketing) can be a great way to advertise your products and services, however it does mean you will be subject to some extra compliance requirements.
Let's break down these legal requirements further.
The California Online Privacy Protection Act (CalOPPA)
There is no federal law governing Privacy Policies and data collection In the United States.
However, CalOPPA is one of the strictest privacy laws in the world and applies to any website or app that is available to residents of California - even if the business has no physical presence in California.
Other Country's Laws
If you have users based within the following countries you will need to comply with their respective laws:
- Canada - The Personal Information Protection and Electronics Documents Act (PIPEDA)
- Australia - The Privacy Act
- UK - Data Protection Act (DPA)
In addition, if any of your user's are based within the EU, you will need to comply with the strict GDPR.
EU Cookies Directive
Another important law that you should be aware of is the EU Cookies Directive.
One of the biggest criteria to note is that the Directive requires you to obtain the user's consent prior to using the cookies.
The Cookies Policy advises that Shell uses retargeted advertising by explaining that cookies are used to 'serve you specific content' and 'serve you with targeted advertisements on third party website(s) in an effort to re-market our products and services to you':
If you use Facebook Pixel, you must agree to the Facebook Business Tool Terms. These terms specify that any website or app using Facebook for pixels or SDK's must provide notice to users about the collection, sharing and usage of their data, as well as information about opting out of this:
Websites need to state where Facebook Pixel are used on each page.
Websites must also advise users that they have the right to opt-out of the collection and use of their personal data for targeting advertising. You must also make sure that you explain how users are able to opt-out:
In particular, the explanation must state that third parties are able to collect and receive information from your app and use that information for the purpose of providing targeted advertising to the user.
When you agree to the terms you are stating that you will ensure that your website or app's users have given their consent before you activate any Facebook Business Tools which enable cookies to be stored on the user's device.
This is only applicable to jurisdictions that require informed consent for the storing and accessing of cookies.
For example, the EU makes it clear in the EU Cookie's Directive that consent must be sought from EU citizens.
The clause should:
- Explain that your business uses Facebook retargeting with Facebook Pixel
- Advise users what retargeting is and how it is used
- Inform users that third parties, such as Facebook, display your adverts on their website or app
- Advise users that they have the right to object to retargeting and to opt-out of cookies. Make sure you inform users how they can do so.
Let's look at a few examples of how other companies have included retargeting in their Privacy Policies.
The clause explains that Facebook Pixel 'allows user behavior to be tracked after they have been redirected to the provider's website by clicking on a Facebook ad.' The company also advise that this data is stored by Facebook:
The clause explains in simple terms that the company's adverts may appear on the user's Facebook page after they have visited the company's website and this is known as retargeting.
The retailer also explains that Facebook uses a Custom Audience Pixel to do this and places a cookie in the user's browser whenever they land on a webpage:
Retailer Pai Skincare has a clause disclosing that its website uses Facebook Pixel and briefly explain what this means:
Henry's House of Coffee informs users that the retailer utilizes retargeting services to display targeted advertisements to users on third party websites after users have visited the retailer's website. The clause also explains that cookies are used to provide adverts, based on user's previous visits to the store:
The clause goes on to advise which third party services are used for remarketing. The retailer uses Facebook retargeting and provides a link for users to explore should they wish to learn more about interest-based advertising from Facebook.
Importantly, the clause also explains that users have the ability to opt-out of Facebook's retargeting and provide a link to instructions on how to do the same. The company also provides a link to Facebook's data policy:
The clause builds trust with users by making it clear that the company only uses the Facebook Pixel to display Facebook adverts to users who have shown an interest in the company's website.
The retailer says it doesn't want its adverts to be a nuisance to users, and thus works with Facebook Pixel to ensure that the adverts are inline with a user's interests:
The clause also provides links to Facebook's policies and advises users how they can object to the collection of data by the Facebook Pixel and the use of the data for the purposes of targeted advertising. A link to Facebook's instructions regarding how to do the same is also provided:
The vast majority of third party retargeters require users to be informed about retargeting as part of their service agreements. Facebook is no exception. Its terms state that users must be informed about retargeting.
In particular, make sure you tell users that third parties (including Facebook) may collect data using cookies or other storage technologies. Further advise that third parties are able to provide targeted advertising to the user by utilizing this information.