FB SDK Best Practices for GDPR Compliance

When you use the FB SDK for App Events, our business terms require that you have an appropriate legal basis to collect and process users' information. Under GDPR and other EU data protection regulations, you are required to obtain end user consent before sending data via our SDK. Thus, you need to ensure that your SDK implementation meets these consent requirements.

The SDK by default automatically logs common mobile events from your app like app installs and app launches. These events are transmitted to Facebook when an app is opened to provide you insights into your app's user behavior and ad campaign performance.

To help you implement consent mechanisms to meet the legal obligations under EU data protection law and our Business Tools Terms, we offer the following resources:

1) Consent Guide

You can review our consent guide for practical guidance and best practices on asking for consent on your sites and apps. If you choose to obtain user's informed consent prior to the app install via a separate user registration flow, as noted in the above consent guide, you will not need to make any changes to continue using the Facebook SDK and its auto-logging feature.

2) Delaying automatic event collection

If you don't a pre-install mechanism for obtaining user consent, you will need to take additional step to fulfill the legal obligations for using FB SDK. We provide tools to delay the transmission of data from the SDK until a user has had the opportunity to go through an in-app consent flow.

Follow the instruction below to implement the feature:

Requirements

  • Facebook SDK v.4.40 or higher. Visit our upgrade guide to learn how to upgrade to the latest SDK version.

For Android

  • Set the AutoLogAppEventsEnabled flag to False in your AndroidManifest.xml file:
<application>
  ...
  <meta-data android:name='com.facebook.sdk.AutoLogAppEventsEnabled'
           android:value='false'/>
  ...
</application>
  • Then re-enable auto-logging after an end-user provides consent, by calling the setAutoLogAppEventsEnabled()method of the FacebookSDK class.
setAutoLogAppEventsEnabled(true);

for iOS

  • Open the application's .plist as code in Xcode and add the following XML to the property dictionary:
<key>FacebookAutoLogAppEventsEnabled</key><false/>
  • Then re-enable auto-logging after an end-user provides consent, by calling the setAutoLogAppEventsEnabledmethod of the FBSDKSettings class.

For Swift:

FBSDKSettings.setAutoLogAppEventsEnabled(true)

For Objective-C:

[FBSDKSettings setAutoLogAppEventsEnabled:YES];

3) Disabling automatic event collection

You can also disable automatic event logging entirely to stop transmitting any data to Facebook when an app is opened. Note: If you leave automatic event logging disabled, you will no longer be able to track app install and app launch events. You will need to add additional code manually to log these events.

Android

  • Add the following line to your AndroidManifest.xml file:
<application>
  ...
  <meta-data android:name='com.facebook.sdk.AutoLogAppEventsEnabled'
           android:value='false'/>
  ...
</application>

iOS

  • Open the application's .plist as code in Xcode and add the following XML to the property dictionary:
<key>FacebookAutoLogAppEventsEnabled</key><false/>