GDPR & Social Media-What The Updated Privacy Policies Mean

You have probably noticed a number of apps and websites flooding your inbox with privacy policy emails lately, even the sites that you haven’t visited in years. These emails are likely from companies announcing that they have changed their privacy policy and asking you to agree with them.

There are new privacy and cookie notices popping up on websites too, and some popular apps like Klout have completely shut down out of nowhere.

These occurrences are not just coincidences. The driving force behind all these changes is Europe’s new General Data Protection Regulations, a data privacy law that went into effect on May 25, 2018.

General Data Protection Regulations (GDPR for short) is basically a law that makes sure companies meet certain guidelines when collecting and using data from their users. The law itself is a very complicated, 261 page document that you can read here.

We have broken down GDPR for you, along with the answer to your pressing question of what GDPR means for social media marketing.

So what exactly is GDPR?

If you have ever used an app or a website that requires you to sign up for an account, you have already dealt with long and tedious terms and conditions hidden within friendly, harmless language. It’s also likely that you didn’t even bother to read them before checking the ‘I agree’ box.

Technically, this means you have given these companies the ability to collect and store your personal data. In practicality though, it means you have given them consent for profiting off your information.

This is how companies like Facebook, which charge you nothing, are able to bring in most of their revenue, which was as much as $40 billion last year. They are not selling your information per se, but they are using it to control which third-party advertisements you get to see. This information mainly includes things like your name, age, religion, where you live, your photos, etc, i.e information that can help them offer you more targeted advertisements.

And sometimes, as we have seen during the Facebook Cambridge Analytica Scandal, things get a bit messy. The data breach allowed third-party apps to inappropriately access about 146 million users’ personal data, 87 million of which had not given their consent.

The long and short of it is, data breaches keep happening. Which is where GDPR comes into play.

GDPR’s goal is to force companies to improve the protection of their users’ data and to make it easier to understand what data they are collecting and why.

Why should you care?

Simply it means that users(which is you) controls what information to share with the companies.

The companies will have to be explicit about their intentions of collecting data and will need specific consent from the users to be able to do so.

The reason you are getting all these emails, is because all companies are rushing to get their privacy policies in compliance with GDPR. If they don’t, they can be fined upto 4% of their global revenue or 20 million euros – whichever is higher. To put things into perspective, Apple’s global revenue in 2017 was $229.2 billion and if they don’t comply to GDPR, they will be fined a 4% of that, which is a whopping $9-something billion.

While the regulations only apply to EU citizens, companies collect data from everyone around the globe and are hence updating their privacy policies to follow GDPR’s rules for everyone.

Impact of GDPR on Social Media

To make it easier for you to understand, we have highlighted some key features of the GDPR below, to let you know how GDPR affects social media.

There are some requirements companies have to fulfil under GDPR, including but not limited to:

  1. Plain language must be used in all privacy policies and in explanations of how data is being used, no confusing legal and technical jargon is to be used.
  2. Clear consent is required to collect and use users’ data with easy ways to opt out of some or all data collection.
  3. The user must be informed of a security breach within 72 hours of its detection.
  4. Users have to be given the “right to be forgotten”, i.e Erasure of all data when asked.
  5. Users have to be given the right to opt out of target advertising using their personal data.
  6. Special safeguards should be in place for information related to race, sexual orientation, health, religious and political beliefs.

There are six ‘grounds’ for processing data under the GDPR: contract, consent, legal obligation, vital interests, public interests, and legitimate interests. The ones most relevant when it comes to social media are consent and legitimate interests.

What GDPR means for social media users

As we have seen, GDPR is very beneficial for social media users in several ways. If you are a social media user, here is what GDPR means:

1. More privacy

Since businesses now need to have explicit consent to collect only the data which is necessary for specific reasons that they will disclose upfront, users will have a lot more privacy. Users can choose not to share some sensitive information if they so please.

2. More protection

With the new regulation in place, there will be stricter supervision of data collection and processing. This means we will likely see fewer data breaches like the recent ones.

3. More control over shopping experiences

Consumers can now decide early on if they want their personal data and website behaviors to be tracked for target marketing and analytics purposes. This gives them more control on their own social media feeds and whether or not they want to receive advertising emails.

What GDPR means for your social media marketing efforts

If you are a business that heavily depends on social media, you are likely to have prepared for GDPR already.

You are also likely to be concerned that this set of regulations that are meant to ensure the privacy of consumers, could have an impact on your social media marketing.

So how does GDPR affect social media marketing? Mainly, in two aspects – social media target advertisements and lead generation. Let’s take a look at those in detail:

Changes in Social Media Advertising

GDPR will make it difficult for you to track your customer’s data and their behaviour for automated targeting or profiling of people for advertisements. You must obtain legal basis to be able to do so. This means that you will have to obtain explicit opt-in consent from your customers.

For instance, you look to social media for target customers or potential customers using their email addresses. If a customer has provided you with an email address during their sign up at your website. You are likely to target them with social advertising emails when there is a sale at your store. Under GDPR, however, you will only be able to do so if you have explicit consent to process the customer’s data.

For the consent to be used, you have to make sure that –

  1. It is freely given: Customers must be given a free, genuine choice to accept or reject, including the choice to easily withdraw their consent.
  2. It’s specific: You have to state what data will be collected and how it will be used.
  3. It is unambiguous: Your request for consent is in plain, understandable language.
  4. Not as default: Pre-checked boxes for consent are not allowed. Customers have to take action and if they remain inactive, it does not mean that their consent is to be considered as given.

Facebook has already launched a safeguard for email data and will require marketers to pledge that they have permission to use the data. For more information on advertising under GDPR on specific platforms, check out the following:

  1. Facebook (Instagram)
  2. LinkedIn
  3. Twitter

Changes in Lead Generation

Lead form ads are a great way to generate business, but there are a few changes to those under GDPR as well. Since making lead form ads on platforms such as Facebook and LinkedIn means collecting data. You will need to explain how the data will be used and justify a legal basis (consent) for processing the data.

Facebook and LinkedIn have already taken several steps to ensure that your lead ads are in compliance to GDPR.

How LinkedIn Lead Ads Now Work

LinkedIn has updated its lead generation form. Upon creation, an automatic checkbox will appear in the lead generation forms. Users must check this box when they submit information. This acts as consent under GDPR.

A link to your privacy policy and a custom text to show the usage of collected data is mandatory.

LinkedIn helpfully provides some examples for the custom privacy policy text. To help you understand how simple and coherent the language should be.

For example: If you are collecting email addresses for sending out alerts for your future events. You can use “We’ll use your information to contact you about our events.”

According to LinkedIn, users can also track and revoke consent in their privacy settings. Which means they can revoke their consent on a per-lead basis, until 90 days of submission. This means you will have 90 days to download or pass leads from LinkedIn to your own third-party tool.

Effect of GDPR on Linkedin lead generation Ads

How Facebook Lead Ads Now Work

Facebook requires you to agree with its terms and conditions before you can create a lead ad.

effect of gdpr on facebook lead ad campaigns

Facebook allows you to add a link to your privacy policy, a custom disclaimer text and optional consent checkboxes to your lead forms. If you need to take a look at Facebook’s existing advertising policy, here it is.

The benefits of GDPR for social media marketers

We cannot overlook the fact that there are a few benefits of GDPR for your business, despite it seeming otherwise. Let’s take a quick glance at them:

Boost audience loyalty and trust

In the light of the recent scandals, consumers have become more suspicious of how their personal data is handled by businesses. By complying with GDPR, corporates are being completely transparent and claiming responsibility with all the data they collect. This is likely to give their customers a better understanding of the business. Consequently encouraging them to trust businesses in the long run.

Improve your cybersecurity

GDPR gives you a chance to revisit and enhance your cybersecurity strategy, resulting in fewer risks and breaches.

A better marketing experience

With GDPR, people’s apprehension of online shopping and browsing is likely to diminish. This means a better marketing experience for all online marketers in general.

Improve engagement

Genuine customers who have interest in your brand will connect and opt-in. This means higher rates of engagement, consequently increasing your ROI.

What GDPR means for social media analytics?

If you are worried about your social analytics taking a dive thanks to GDPR, well, don’t.

Here’s the deal. Active opt-ins from customers also means that you will have a better understanding of who your target audience is by figuring out the demographics of who is genuinely interested in hearing from your brand. This way, you can filter out lost leads and focus on the niche audience. This is bound to save you a lot of resources and help you manage your budget better. You might lose a few followers. You can be rest assured knowing that your current followers are the ones who are genuinely interested in your business.

On a side note: If you are sending traffic from your social media to your website. And using third-party tools like Google Analytics to track visitor behaviour, you also need to have consent for that.

What GDPR means for content marketing?

We have saved the good news for the last. As far as organic social media marketing such as content marketing is concerned, GDPR plays little to no role.

This is because when it comes to organic social media marketing. Like producing content for blogs, infographics, tutorials, videos and visual posts, there is no exchange of personal data.

You do not have to collect any data from your consumers in order to engage and build relationships with them. Which is why content marketing activities are so important, especially now.


The EU has put forth the GDPR to ensure security and privacy for consumers. Its basic function is to force big companies to follow ethical guidelines when managing data. And to facilitate trust and transparency.

Companies should have already complied with GDPR, by being vigilant about what data they collect and process and whether or not they have the explicit consent to do so.

This makes social media advertising a bit difficult, since consent is necessary for target ads and lead generation also. But a bit of transparency goes a long way.

By complying to GDPR, you will have improved trust among customers, more engagement and an overall improved marketing experience. Since GDPR requires active opt-ins from customers, it also ensures better analytics of target audiences.

Amidst all the chaos of GDPR compliance, content marketing remains mostly unharmed. At a crucial time like this, content marketing is more important than ever for growing your business.

What do you think? Let us know!

  • 2
Sign up for Information you need

Sign up for Content to boost your business’ Social Media presence. We don’t spam.

Related Posts

Begin typing your search above and press enter to search. Press ESC to cancel.

Back To Top