Main Menu Main Content
Photo of Facebook
Publications

Facebook's Limited Data Use Deadline Passed: Did Your Business Make the Right Decision?

Hodgson Russ Cybersecurity & Privacy Alert
August 7, 2020

Like all businesses, Facebook has been struggling with its response to the California Consumer Privacy Act (CCPA), which went into effect on January 1, 2020 and became enforceable on July 1, 2020.  In early July, Facebook announced a new feature called Limited Data Use (LDU).  If a business enables the LDU feature, it automatically detects a user’s location and blocks the exchange of data from California residents.  Until July 31, 2020, Facebook automatically enabled the LDU for all Facebook business accounts, preventing all businesses from accessing data from California residents.  However, as of August 1, 2020, the feature is no longer automatically enabled and business account customers must update their pixel to establish an LDU parameter — enable or disable the LDU in the business’ account settings.

Facebook, which has been a favorite target of American and European privacy regulators, is taking a cautious approach when it comes to the CCPA.  As set forth below, Facebook’s Terms of Use attempt to impose additional disclosures on its’ business customers:

If you use our pixels or SDKs, you further represent and warrant that you have provided robust and sufficiently prominent notice to users regarding the Customer Data collection, sharing and usage that includes, at a minimum . . . [f]or websites, a clear and prominent notice on each webpage where our pixels are used that links to a clear explanation (a) that third parties, including Facebook, may use cookies, web beacons, and other storage technologies to collect or receive information from your websites and elsewhere on the internet and use that information to provide measurement services and target ads, (b) how users can opt-out of the collection and use of information for ad targeting, and (c) where a user can access a mechanism for exercising such choice (e.g., providing links to: http://www.aboutads.info/choices and http://www.youronlinechoices.eu/).

Determining whether to enable the LDU is a complicated question that turns on two factors: (1) which Facebook Business Tool products are being utilized by the business and whether those products access “personal data” as defined by the CCPA; and (2) whether the business is otherwise CCPA compliant.  As marketing experts know, enabling or disabling the LDU has significant implications for an effective marketing campaign capable of delivering a reasonable return on investment.  Until some of the legal nuances associated with the CCPA are resolved, businesses will have difficult decisions to make — and, in the case of Facebook’s LDU feature, those decisions need to be made quickly. 

Contact Michelle Merola (518.736.2917), Gary Schober (716.848.1289), or Patrick Fitzsimmons (716.848.1710) to discuss how Hodgson Russ LLP can help you navigate the legal and technological issues associated with marketing platforms like Facebook.