Businesses these days would often rely on Facebook to post their content and subject, advertise their products, and create traffic for their business.
While this can be a cost-effective way of marketing your business, it works the same way as owning a website, as some legal requirements are required for a Facebook business to function.
These are just a few legal policies Facebook requires and the Law requires.
It also ensures that the content, subject, and information collected from users is for your business and not for Facebook and any other third-party services.
Here are some of the things that are deemed as “collecting personal information”:
- Taking payments in different payment gateways, such as Stripe, Paypal, or Payoneer.
- Using Facebook page insights product
- Recording personal information and email addresses of your customers.
- European Union: The EU imposes strict implementation on data protection requirements in all businesses operating within the European economic area, according to Articles 12 to 14 of the GDPR.
- United Kingdom: The UK still falls under the EU, which means they must comply with the GDPR standards.
Privacy policies are meant to protect the personal data of users. It is why almost all countries around the world require it.
It’s the right of the people to know what happens with their data when accessing your website, platform, or service.
Some international laws that impose strict regulation on these matters are PIPEDA, GDPR, and CalOPPA.
Facebook pages are all covered by these laws to protect user rights because:
- Page insights are analytics services that let you know how people interact with your website, posts, and content.
- When using Page Insights, you are accessing the personal information of your page and website visitors and subscribers.
- Complying with Facebook’s requirements.
- Explaining what happens when you collect content and personal data.
- Identifying who is responsible for protecting these personal data.
- Telling people who they can contact for more information regarding what type of data you process.
Simply put, different social media platforms have their own rules for businesses who want to use their platform, which means you are obliged to this legal obligation.
Business Name and Contact Details
Instead, you should input a way for them to contact you immediately. One good example is putting either your contact details or email address.
Although you and Facebook are joint controllers, always remember Facebook faces the most responsibility between the two.
One good example you can include in your clause is to provide a link to make it easy for people to access. These actions are often for Addendum purposes.
Declaration of Controllers
Users have the right to know who is the actual controller. If it’s you, tell them.
Identify Your Legal Basis for Processing Insights Data
Lastly, you need to input your legal basis for why you are processing Insights data in the first place.
Under the GDPR, six acknowledged grounds for processing data based on the subject’s information exist. These are:
- You have their express consent
- You are fulfilling your legal obligations
- You have legitimate interests
- It’s in the public interest
- It’s part of the contract
- Protecting the vital interests of your subjects
If you collect data to complete a contract, you may not need to ask for someone’s consent.
In addition, if you’re acting on the basis of public security, you don’t need any contract and consent as well.
Legal Basis and Purposes
Always remember that people, especially your customers, have the rightover their data. These rights are:
In other words, when customers want to exercise their rights, they must lodge a request with the data controller. It can usually go in two different directions.
One, if a specific user wants to request access to their personal data that is processed through Page Insights, the only data controller responsible for this is Facebook.
This is stated in the Page Insights Controller Addendum.
Second, if a user wants access to the personal data you processed, as a data controller, this is your responsibility.
But if it relates to Page Insights data, you can simply forward it to Facebook.
- Step 1: You should log in to your Facebook Business Account and head to your business page.
- Step 2: From the drop-down menu, click on “Edit Page Info.” After clicking, you will be redirected to a new page.
What Are the Obligations Under the Facebook Page Insights Controller Addendum?
It was in 2020 when Facebook amended its Page Insights Controller Addendum.
This Addendum confirms that Facebook and Page Admins are responsible for securing personal data gathered in Page Insights.
What this implies to the Facebook Page Admin is they are also responsible, along with Facebook, for protecting personal data.
However, Facebook is more reliable on most things than Facebook Page Admins realize. Facebook is responsible for a few things, such as:
- Fulfilling data access
- Telling authorities if there’s a data breach
- Telling users of their Page Insights Privacy Rights
- Informing users about the Addendum
As a business page admin and data protection officer, you are responsible for the following:
- Identifying yourself as a joint controller
- Your legitimate interests and legal basis for processing insights data
Simply put, you must clearly indicate why you gather personal information through page insights. Below, we’ll go into more detail on the job of a joint controller.
According to Article 4 of the General Data Protection Regulation, a data controller is responsible for why they collect data and what personal data they are collecting.
On the other hand, joint controllers share the same responsibility for these actions, along with Facebook or other controllers.
In some cases, a Facebook business page might only need a single data controller, whereas some might require two or more.
But if you’re wondering if there’s a scenario in which you are bound to take more responsibility, there is.
One good example is if you are interacting with page visitors.
If you collect information such as their contact number or email address, you are the sole controller and must provide notice; Facebook has nothing to do with this.
They have nothing to do with this because you are the one gathering information, and it has nothing to do with Page Insights. This exception is written on Facebook’s Pages Policy.
Frequently Asked Questions (FAQs)
Once you’re done, a link is given to you wherein you can paste it to the provided empty box from the “Edit Page Info” page.
- How their data is stored
- Explain what happens to their data
- Identify who is responsible for protecting the data
- Provide contact details or personal information if customers want to find out what data you process.
Facebook pages are a good way of advertising the products sold by your business.
However, remember there are always rules and legal agreements if you want to collect the personal data of users and customers from your website or page.
While requirements in most countries differ, privacy policies are required by the Law and Facebook, meaning if you want to opt-out of these policies, it is illegal.