The General Data Protection Regulation (GDPR) took effect on May 25, 2018, and creates consistent data protection rules across Europe. It applies to companies (regardless of where they are based) who process personal data about individuals in the EU.
While many of the principles build on current EU data protection rules, the GDPR has a wider scope, more prescriptive standards and substantial fines. For example, it requires a higher standard of consent for using some types of data and broadens individuals' rights with respect to accessing and porting their data.
Businesses who advertise with the Facebook companies can continue to use Facebook platforms and solutions in the same way they do today. Each company is responsible for ensuring their own compliance with the GDPR, just as they are responsible for compliance with the laws that apply to them today.
As of May 25, 2018, businesses may want to implement code that creates a banner and requires affirmative consent (for example, an “I agree” checkbox at the top of the page) to use the pixel. If you already have a system in place that addresses this need, such as a tag manager, you can make this code optional.
Use the following API to pause sending pixel fires to Facebook, and once cookie consent is granted, send pixel fires to Facebook. You need to call revoke on every page.
fbq('consent', 'revoke'); fbq('consent', 'grant');
// Revoke consent before 'init' is called fbq('consent', 'revoke'); fbq('init', '<your pixel ID>'); fbq('track', 'PageView');
// Once affirmative consent has been granted fbq('consent', 'grant');
For more information, see our Cookie Consent Guide.
Learn more about specific ad products and FAQs about the GDPR:
For information about how to use data from the pixel, see our conversion tracking document.