The Facebook Pixel is probably the most popular remarketing tool and, at the same time, highly sensitive from a data protection law perspective. This article shows how the Facebook Pixel can be used in a relatively lawful manner.
Facebook Pixel and Data Protection
It is well known that the company Facebook (USA) collects a lot of data from its users. The platform itself is free, the user pays with his data. What was already somewhat problematic in the past, to put it politely, has been highly explosive since May 25, 2018 with the General Data Protection Regulation.
The core of the proposed solution is a self-developed opt-out option for the Facebook Pixel, which in combination with other measures helps to be as compliant as possible with the General Data Protection Regulation. However, nobody knows exactly what data Facebook or Meta processes for what purpose. At least there is a judgment on the Facebook plugin (ECJ ruling of 29.07.2019 – C-40/17 – "Fashion ID"), according to which joint responsibility exists. In case of problems, therefore, both the website operator who integrates the FB Pixel and Meta are in the same boat. However, one should assume that Meta will not take an active part.
Requirements
For analysis tools on websites to have a chance of legal certainty, several requirements must be met, including:
- Consent request: The pixel may only be loaded after the user (= visitor to the website) has consented. This results, among other things, from Section 25 TTDSG, Art. 49 GDPR, the Schrems II ruling of the ECJ (ruling of 16.07.2020 – C-311/18) and Art. 5 para. 1 lit. c GDPR ("data minimization").
- Proper text in the data protection statement: mention of the component, its purpose, the providing company (with address), a link to the providing company's data protection statement for the component, the personal data collected, and other notes (such as linking with the Facebook account if the user is currently logged in there)
- Option to opt out of data collection by the analysis tool
- IP address anonymization (see Google Analytics, for example)
- Minimizing the data to be collected to a justifiable extent (I wouldn't know why one needs to know the exact age of their website visitors; no one has that right on demand)
- Contract for commissioned data processing with the provider of the analysis tool
- Guarantee that the provider of the analysis tool complies with applicable data protection regulations here
Those who believe this is possible with the Facebook Pixel can read on. Some of these points do not necessarily apply to the pixel, because it does not necessarily have to be regarded as an analysis tool.
Obtain consent
Step 1: Do not load the pixel
Under no circumstances should you actively deliver the code for the FB Pixel and hope that a consent tool effectively suppresses this code until the user has given their consent. See my investigation into cookie tools.
Instead, use one of the following two options:
- Load the code for the FB Pixel only after the user has agreed.
- Deliver the code in inactive form and only activate it after the user has agreed.
Option one can, for example, be implemented with my free consent tool.
Option two uses the already quite widespread data-src attribute (instead of src) in script tags. The code for the FB Pixel then looks like this:
<script data-src="/script/to/pixel-code"></script>
The prerequisite is that the code for loading the Facebook Pixel must be in a script file. Those looking for technical tips on this can find them in my post about the linked consent tool. Maybe the following code example will also be helpful.
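An added example, not the author's code and not the linked consent tool: one way to implement option two, activating data-src scripts only for services the visitor has agreed to. The data-consent attribute, the storage key consent-services and the service id facebook-pixel are assumptions of this sketch.

```javascript
// Added example: scripts are delivered inert as
//   <script data-src="/script/to/pixel-code" data-consent="facebook-pixel"></script>
// data-consent, CONSENT_KEY and the service id are assumptions of this sketch.
const CONSENT_KEY = 'consent-services';

// Services the visitor agreed to; missing or malformed data means no consent.
function readConsent(storage) {
  try {
    const parsed = JSON.parse(storage.getItem(CONSENT_KEY) || '[]');
    return Array.isArray(parsed) ? parsed.filter((s) => typeof s === 'string') : [];
  } catch (err) {
    return [];
  }
}

// Record a decision. Declining also removes an earlier agreement.
function writeConsent(storage, service, granted) {
  const services = new Set(readConsent(storage));
  if (granted) services.add(service); else services.delete(service);
  storage.setItem(CONSENT_KEY, JSON.stringify([...services]));
}

// Replace each inert script whose service is consented with a live one.
// A fresh element is used so the browser reliably fetches and runs it.
function activateConsentedScripts(doc, storage) {
  const allowed = new Set(readConsent(storage));
  const activated = [];
  for (const inert of Array.from(doc.querySelectorAll('script[data-src]'))) {
    const service = inert.getAttribute('data-consent');
    if (!service || !allowed.has(service)) continue; // default: stays inert
    const url = inert.getAttribute('data-src');
    const live = doc.createElement('script');
    live.src = url;
    live.async = true;
    inert.parentNode.replaceChild(live, inert);
    activated.push(url);
  }
  return activated;
}

// Browser wiring; skipped when no DOM is present.
if (typeof document !== 'undefined') {
  document.addEventListener('DOMContentLoaded', () =>
    activateConsentedScripts(document, window.localStorage));
}
```

The "agree" handler of a consent popup would call writeConsent(localStorage, 'facebook-pixel', true) and then activateConsentedScripts(document, localStorage); the "decline" handler calls writeConsent with false and activates nothing.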
Step 2: Data protection notices on consent request
In my checklist for consent requests, you will find the requirements to observe when building a consent popup, which is often referred to as a "Cookie Popup". These include in particular:
- Service name, here: Facebook Pixel (or equivalent, depending on the type of loaded FB service)
- Brief purpose description
- The provider is named: Meta, with country specification (the full address here as well, or at least in the data protection statement)
- Point out that risks exist according to Art. 44 GDPR due to data transfer to the US
- All cookies are named. Per cookie:
  - Name
  - Purpose description
  - Lifetime
Make sure that the option to agree is not visually emphasized over the option to decline in the "Cookie Popup". Declining must be at least as easy as agreeing.
Opt-out possibility
The Facebook Pixel does not have a built-in opt-out option. I suggest the following solution:
Step 1: Insert JavaScript code
Add the following code to every page of your website and adjust the Facebook ID in the code. It can be inserted in the BODY area, perhaps right at the beginning:




My name is Klaus Meffert. I have a doctorate in computer science and have been working professionally and practically with information technology for over 30 years. I also work as an expert in IT & data protection. I achieve my results by looking at technology and law. This seems absolutely essential to me when it comes to digital data protection. My company, IT Logic GmbH, also offers consulting and development of optimized and secure AI solutions.
