GDPR, CCPA & Retargeting Pixels

Privacy laws are a new and important part of the way we think about personal information online in years to come, especially as marketers.

The purpose of these laws is to protect individual’s privacy and give clear guidelines and responsibilities for how companies process and protect sensitive information of individuals.

The question of how this applies to remarketing on advertising networks is a big one.

Typically, you’ll place tracking code (such as Facebook Pixel) onto pages on your website (or links, if using a click tracking service like Linkly).

This tracking code records personally identifiable information, and transmits it to the advertising network.

Am I responsible for people’s data?

Yes. As the advertiser, you are the data controller. 

That means you’re still responsible for keeping data private.

In practice, when it comes to retargeting through an advertising network, this is a bit meaningless (as we shall see below).

Am I responsible for gaining consent?

No. 

The advertising network is the data processor. 

It’s up to the ad network to gain consent from the users, as ultimately, they are the ones who are collecting the information and targeting users.

Every ad network (Google, Facebook, Twitter) has detailed pages on their GDPR/CCPA compliance:

• Facebook GDPR
• Google Data Protection Compliance (GDPR & CCPA)
• Twitter GDPR Hub

Ad networks will, in general, not allow you to identify the individuals in your custom audiences. You can target them with ads, but everything else is kept private.