How to Create a Privacy Policy for Facebook Page: A Complete Guide to Data Privacy

Businesses these days often rely on Facebook to post their content, advertise their products, and drive traffic to their business.

While this can be a cost-effective way of marketing your business, it works the same way as owning a website: a Facebook business page must meet some legal requirements to function.

If you want to avoid your Facebook page getting shut down for noncompliance with the applicable law, you might want to create a privacy policy.

To help you with this, below are the steps on how to create a privacy policy for your Facebook page.

Is It Required to Have a Facebook Page Privacy Policy?

Even if you only have a few followers on your Facebook page, you are still required to create a privacy policy for it.

These are just a few of the legal policies that Facebook and the law require.

One reason why your business is required to create a privacy policy is that you are collecting your customers’ details and other personal information.

It also ensures that the content, subject, and information collected from users is for your business and not for Facebook and any other third-party services.

Here are some of the things that are deemed as “collecting personal information”:

  • Taking payments through different payment gateways, such as Stripe, PayPal, or Payoneer.
  • Using the Facebook Page Insights product.
  • Recording personal information and email addresses of your customers.

If you’re operating your Facebook page in the following regions, you will most likely need a privacy policy:

  • Canada: The country requires the entire private sector to provide a privacy policy under the Personal Information Protection and Electronic Documents Act (PIPEDA).
  • European Union: The EU strictly enforces data protection requirements for all businesses operating within the European Economic Area, according to Articles 12 to 14 of the GDPR.
  • United States: Various state laws in the United States require a privacy policy for businesses that have a website or a mobile app.
  • United Kingdom: The UK still falls under the EU, which means it must comply with the GDPR standards.

Why Does Facebook Require a Privacy Policy?

Privacy policies are meant to protect the personal data of users. It is why almost all countries around the world require it.

It’s the right of the people to know what happens with their data when accessing your website, platform, or service.

Some international laws that impose strict regulation on these matters are PIPEDA, GDPR, and CalOPPA.

Facebook pages are all covered by these laws to protect user rights because:

  • Page Insights is an analytics service that lets you know how people interact with your website, posts, and content.
  • Gathering and collecting personal data means you need a privacy policy.
  • Facebook pages use cookies to gather data from your users.
  • When using Page Insights, you are accessing the personal information of your page and website visitors and subscribers.

What Are the Facebook Requirements for a Privacy Policy?

According to Facebook’s terms, you must include specific information in your privacy policy. Here are the four requirements when creating your privacy policy.

  • Complying with Facebook’s requirements.
  • Explaining what happens when you collect content and personal data.
  • Identifying who is responsible for protecting these personal data.
  • Telling people who they can contact for more information regarding what type of data you process.

Simply put, different social media platforms have their own rules for businesses that want to use their platform, which means you are bound by this legal obligation.

What Should Your Facebook Privacy Policy Contain?

Here is some of the information you need to include when you add a privacy policy:

Business Name and Contact Details

When adding a privacy policy, you must write your personal information and contact details in full. Providing a link isn’t the best approach here, nor is leaving your business address.

Instead, you should give people a way to contact you immediately. One good example is listing either your contact details or your email address.

Facebook’s Details

Although you and Facebook are joint controllers, always remember that Facebook bears the greater responsibility of the two.

You should include Facebook’s details when you add a privacy policy to your pages.

One good example you can include in your clause is to provide a link to make it easy for people to access. These actions are often for Addendum purposes.

Declaration of Controllers

Users have the right to know who is the actual controller. If it’s you, tell them.

Moreover, you need to specify that you are the sole data controller, along with Facebook, when you add a privacy policy. Often, providing the necessary details is all it takes.

Identify Your Legal Basis for Processing Insights Data

Lastly, you need to input your legal basis for why you are processing Insights data in the first place.

Under the GDPR, six acknowledged grounds exist for processing data based on the subject’s information. These are:

  • You have their express consent
  • You are fulfilling your legal obligations
  • You have legitimate interests
  • It’s in the public interest
  • It’s part of the contract
  • Protecting the vital interests of your subjects

If you collect data to complete a contract, you may not need to ask for someone’s consent.

In addition, if you’re acting on the basis of public security, you don’t need a contract or consent either.

Legal Basis and Purposes

Always remember that people, especially your customers, have rights over their data. These rights are:

  • Access
  • Erasure
  • Rectification

In other words, when customers want to exercise their rights, they must lodge a request with the data controller. It can usually go in two different directions.

First, if a specific user wants to request access to their personal data that is processed through Page Insights, the only data controller responsible for this is Facebook.

This is stated in the Page Insights Controller Addendum.

Second, if a user wants access to the personal data you processed, as a data controller, this is your responsibility.

But if it relates to Page Insights data, you can simply forward it to Facebook.

How to Add a Privacy Policy for Your Facebook Page

Now that we’ve told you what should be included in your privacy policy, the next thing is creating it. Here is the step-by-step guide on how to create a privacy policy:

  • Step 1: You should log in to your Facebook Business Account and head to your business page.
  • Step 2: From the drop-down menu, click on “Edit Page Info.” After clicking, you will be redirected to a new page.
  • Step 3: From the menu, look for “Privacy Policy URL.” Enter the link to your privacy policy in the blank box on the right side.

What Are the Obligations Under the Facebook Page Insights Controller Addendum?

It was in 2020 when Facebook amended its Page Insights Controller Addendum.

This Addendum confirms that Facebook and Page Admins are responsible for securing personal data gathered in Page Insights.

What this implies for Facebook Page Admins is that they are also responsible, along with Facebook, for protecting personal data.

However, Facebook is more reliable on most things than Facebook Page Admins realize. Facebook is responsible for a few things, such as:

  • Fulfilling data access
  • Telling authorities if there’s a data breach
  • Telling users of their Page Insights Privacy Rights
  • Informing users about the Addendum

As a business page admin and data protection officer, you are responsible for the following:

  • Identifying yourself as a joint controller
  • Your legitimate interests and legal basis for processing insights data

Simply put, you must clearly indicate why you gather personal information through page insights. Below, we’ll go into more detail on the job of a joint controller.

Joint Controllers

According to Article 4 of the General Data Protection Regulation, a data controller is responsible for why they collect data and what personal data they are collecting.

On the other hand, joint controllers share the same responsibility for these actions, along with Facebook or other controllers.

In some cases, a Facebook business page might only need a single data controller, whereas some might require two or more.

But if you’re wondering if there’s a scenario in which you are bound to take more responsibility, there is.

One good example is if you are interacting with page visitors.

If you collect information such as their contact number or email address, you are the sole controller and must provide notice; Facebook has nothing to do with this.

Facebook is not involved because you are the one gathering the information, and it has nothing to do with Page Insights. This exception is written in Facebook’s Pages Policy.

Frequently Asked Questions (FAQs)

If you have more questions about the privacy policy, you might find the answers below.

How Do I Get the Privacy Policy Link for My Facebook Page?

There are several websites offering privacy policy generators. They work by having you fill in all the necessary information for your privacy policy.

Once you’re done, you are given a link that you can paste into the empty box provided on the “Edit Page Info” page.

What Should I Write on My Facebook Page Privacy Policy?

There are four important things you should write on your privacy policy. These include:

  • How their data is stored
  • What happens to their data
  • Who is responsible for protecting the data
  • Contact details or personal information for customers who want to find out what data you process


Facebook pages are a good way of advertising the products sold by your business.

However, remember there are always rules and legal agreements if you want to collect the personal data of users and customers from your website or page.

While requirements differ in most countries, privacy policies are required by the law and by Facebook, meaning that opting out of these policies is illegal.

We hope this article on how to make a privacy policy for your Facebook page helped you in as many ways as possible.