When Apple released the new iOS 14.5 update (April 26, 2021), marketeers, and advertisers were in panic. This huge privacy update was undoubtedly going to affect your business when using Facebook and Instagram ads.
The all-famous iOS update had a new feature that gave users the possibility to block tags and cookies in websites and apps. When a user would update his device to this new version, your browser and apps would send fewer data to the Facebook Pixel, and that would make it much harder to track events and remarket your audience. If someone clicks on an element or submits a form, you probably wouldn’t know. This is where Facebook’s new concept came into play: the Conversions API. It’s already been here for some time. But what does it do? And does it have any consequences for your visitors? Should you change your privacy statement for it? Let’s find out! 🧑💻
What is the difference between the Pixel and Conversions API?
Facebook’s Pixel is a client-side script that sends data through a user’s browser. It will detect page views, but you can track many interactions. Because the tool is in the browser, it can be disabled by browsers like Safari and Firefox, or by an adblocker extension.
The Conversion API works differently. It’s a tool that runs on a server. It tracks all conversions on the website’s server instead of in the browser. If you do it in this way, it won’t impact any performance of the visitor and can’t be easily blocked.
To be clear: this instrument won’t replace the Pixel. It’s an extra tool that will track conversions on the server. The Pixel is still required to be set up first before you’re starting to work with the API. When both are set up, you increase the chances that an event will be recorded. This will improve the data required for ad targeting, reporting, serving dynamic ads, conversion optimization, and so on. Besides that, the API gives you even more available parameters which can be sent, like profit margins and customer value.
Pro-tip: After setting up both tracking ways, it can happen that events will be measured twice. If this happens, you will have to implement deduplication. This means the parameters ‘event_name’ and ‘event_id’ have to be sent to the API. More info can be found in Facebook’s developer documentation.
Do I have to update my privacy and cookie statement? 🖋
Assuming you’ve already stated that you’re sending data through the Pixel to Facebook, I’ll go over what needs to be added or updated. The data will be sent from your domain and will be called ‘first party’, but that doesn’t mean you can simply take out Facebook from your statements. Write down what data of your visitors are being sent to Facebook, how this happens and why you’re doing this.
It can happen that you’re sending more data than you had in mind. Some integrations with the API are already pre-built, like Woocommerce or Shopify. You have to keep in mind that these integrations scrape as much data as they possibly can, and you won’t have any control over this. When building with the API yourself, you will have this control, but it requires knowledge and time.
Even though you’re not adding any third-party cookies, the statement still has to be updated. You have to add that you will use this alternative method to send the data. It’s important to inform how you do it and to briefly summarize what it’s used for, like you would do for every cookie. 😉
The way you implement the conversion API should still have an option to be disabled by denying the cookie banner.
Legal ‘Conversion API’ implementation checklist:
- Find out how you’re going to implement the Conversion API. When you’re using a pre-built integration, it will be hard to search for all used parameters. If you built it yourself, you’ll have a better idea of what data is used in your integration. This knowledge is needed for the next steps.
- Add to your privacy statement what data is being sent.
- Add to your privacy statement how to data is sent.
- Add to your privacy statement why you’re also using the API besides the Pixel.
- Add to your cookie statement that you’re sending data through Facebook’s Conversion API.
- Ensure that the tracking through the Conversion API can be disabled by denying the cookie banner on your website.
That’s it! Please check the last update of this blog to know if this information is still up-to-date. If you have any question, feel free to write me on [email protected].
Disclaimer: This blog post is not legal advice for your company to use in complying with EU data privacy laws like the GDPR. Instead, it provides background information to help you better understand the GDPR.