What is Social Media?
Social media - for anyone that’s been hiding under a rock in North Korea for the last 15 years - refers to online platforms where people share ideas and information.
Some of the biggest players here include Facebook, YouTube, WhatsApp, and TikTok.
There are 3.6 billion active social media users globally, meaning they represent almost half of the world population. This number is projected to increase to 4.4 billion by 2025 (Statista).
The wealth of personal data provided by these users makes these platforms one of the most effective marketing tools for companies.
In 2020, spending on social media ads reached $132 billion and the total is expected to surpass the $200 billion mark in the next two years (Statista).
What are the GDPR Implications for Social Media Marketers?
The General Data Protection Regulation (GDPR) is a European Union law that came into force in 2018. It is built around protecting the personal data of EU citizens and residents.
The law has no bearing on individuals using social media purely for personal reasons. Instead, it applies to the use of social media in a professional capacity and prevents the processing, storing, or sharing of personal data without the owner’s consent.
The regulations apply to any company in the world that holds personal data on EU citizens and residents, regardless of whether they’re based in the Union.
Respecting the Data Rights of EU Citizens and Residents
The EU law protects eight fundamental rights of online users regarding their online personal data:
- The Right to Information
- The Right of Access
- The Right to Rectification
- The Right to Erasure
- The Right to Restriction of Processing
- The Right to Data Portability
- The Right to Object
- The Right to Avoid Automated Decision-Making
A company’s responsibility to respect these eight fundamental rights extends to its social media user data.
This includes anything that can identify a user – such as names, dates of birth, web browser cookies, and tracking pixels.
There is also an additional “special category” of data that requires a higher level of protection, such as information on race, ethnicity, and religion.
Consent is Key
Crucially, EU consumers need to explicitly consent to how this data is collected, stored and used, as well as to any transfer of it to third parties.
Social media marketers have long required such consent from users before collecting and using their data, but this requirement is now stricter under GDPR.
Fortunately, consent and data usage have long been effectively covered by the terms and conditions, and privacy notices of social media platforms.
With consent already in place, GDPR has had a less direct effect on social media marketing than in other parts of the sector.
This means that organic social media marketing is largely unaffected by GDPR regulations, because posting content and engaging users does not require the collection of personal data.
There is also no issue with fully anonymized data – so simply tracking things like follower numbers or engagement rate isn’t a problem.
The issue with social media and GDPR arises when you extract personal data from the platform and store it elsewhere within your business, or when you use it to generate and collect data, for instance in exchange for access to a download.
Key Areas of GDPR Significance for Social Media Marketers
Here are the three main ways that GDPR affects social media marketing:
1. Curbs on remarketing advertisements and tracking pixels
Remarketing (or retargeting) enables companies to create ads that follow their website visitors to the social media platforms they use, thanks to a pixel which identifies them as previous visitors to the company’s website (or a specific page within it).
This information makes remarketing an effective marketing tool, but GDPR legislation now requires that consumers explicitly consent to the use of their data for such activities. This includes consent for the use of retargeting cookies.
If you’re targeting EU consumers, you must get explicit opt-in consent when you’re using personal data – including user tracking – and you must disclose GDPR compliance at every stage of your marketing funnel.
This will naturally add extra steps to marketing campaigns and mean that some of the generated leads will inevitably disappear. It will also make it more difficult to market to the social media users who have visited your website in the past.
2. Compels social media users to accept your privacy notice
When advertising to generate leads on social media, you will need to ensure that any form for capturing data has a suitable disclaimer and link to the privacy notice, with no pre-ticked opt-in boxes for obtaining consent.
And, under GDPR, visitors to a social media landing page will have to opt in twice: first to accept your privacy notice and second to follow your call-to-action.
3. Limits user behavior tracking
Social media analytics is vital for marketing, but GDPR now restricts the monitoring of social media user behavior.
If you’ve noticed differences in traffic volumes to your website, including drop-offs and data lagging, you will need to test your cookie opt-ins to ensure that your social media traffic is accepting the terms.
What are the GDPR Penalties for Non-Compliance?
The GDPR imposes strict fines on companies seen to be inadequately protecting EU citizen personal data, with a two-tier fining system:
- Tier 1: up to €10 million, or 2% of annual global revenue from the previous year, whichever is higher
- Tier 2: up to €20 million, or 4% of annual global revenue from the previous year, whichever is higher