General Data Protection Regulation

The General Data Protection Regulation (GDPR) took effect on May 25, 2018, and creates consistent data protection rules across Europe. It applies to companies (regardless of where they are based) who process personal data about individuals in the EU.

While many of the principles build on current EU data protection rules, the GDPR has a wider scope, more prescriptive standards and substantial fines. For example, it requires a higher standard of consent for using some types of data and broadens individuals' rights with respect to accessing and porting their data.

Businesses who advertise with the Facebook companies can continue to use Facebook platforms and solutions in the same way they do today. Each company is responsible for ensuring their own compliance with the GDPR, just as they are responsible for compliance with the laws that apply to them today.

Cookie Consent

As of May 25, 2018, businesses may want to implement code that creates a banner and requires affirmative consent (for example, an “I agree” checkbox at the top of the page) to use the pixel. If you already have a system in place that addresses this need, such as a tag manager, you can make this code optional.

Use the following API to pause sending pixel fires to Facebook, and once cookie consent is granted, send pixel fires to Facebook. You need to call revoke on every page.

fbq('consent', 'revoke');
fbq('consent', 'grant');

For example:

// Revoke consent before 'init' is called
fbq('consent', 'revoke');
fbq('init', '<your pixel ID>');
fbq('track', 'PageView');
// Once affirmative consent has been granted
fbq('consent', 'grant');

For more information, see our Cookie Consent Guide.

What data does the Facebook pixel collect?

See our Cookie Policy for details about the cookies used and the data received. The Facebook pixel receives these types of data:

  • Http Headers – Anything present in HTTP headers. HTTP Headers are a standard web protocol sent between any browser request and any server on the internet. HTTP Headers include IP addresses, information about the web browser, page location, document, referrer and person using the website.
  • Pixel-specific Data – Includes Pixel ID and the Facebook Cookie.
  • Button Click Data – Includes any buttons clicked by site visitors, the labels of those buttons and any pages visited as a result of the button clicks.
  • Optional Values – Developers and marketers can optionally choose to send additional information about the visit through conversion tracking. Example custom data events are conversion value, page type, and more.
  • Form Field Names – Includes website field names like ‘email’, ‘address’, ‘quantity’ for when you purchase a product or service. We don't capture field values unless you include them as part of Advanced Matching, conversion tracking, or user properties.

Need more information?

Learn more about specific ad products and FAQs about the GDPR:

For information about how to use data from the pixel, see our conversion tracking document.