One possibility to use Facebook as a company is the Custom Audience function. A distinction must be made between two possible implementations of Facebook Custom Audience:
- the “list variant”, in which you transfer lists of e-mail addresses of customers or prospects to Facebook.
- the “pixel variant”, in which you install a custom audience pixel on your website XY (cookie principle: if the user is logged into the Facebook account and the function is not switched off, a cookie is set. If the corresponding website is accessed, Facebook is informed of this and the advertising of website XY is displayed on Facebook. A click on the advertisement takes the user to the XY website so that the purchase can be tracked if necessary).
What is the current legal assessment of these variants?
- As far as the “list variant” is concerned, the Administrative Court of Munich recently issued a decision in the second instance. In its decision of 26 September 2018, the Administrative Court takes the view that the use of Facebook Custom Audiences in the “list variant” is inadmissible as long as no consent has been obtained from the address holders concerned. The Administrative Court thus confirmed the first-instance decision of the Administrative Court of Bayreuth of May that had already been made. However, both decisions refer to the old legal situation under the Federal Data Protection Act. There are voices in the data protection literature which do not consider the decisions of the Administrative Court of Bayreuth and the Administrative Court of Munich to be correct, especially since the GDPR came into force. Nevertheless, we must of course take note of them.
What does that mean in practice?
2) The use of Facebook Custom Audiences in the “list variant” requires your consent in any case. Against the background of the decisions now available – even if they concern the old legal situation – it will have to be assumed that the supervisory authorities will take the view that the use of Facebook Custom Audiences in the “list variant” without consent is not permissible. There are still many companies that still use the “list variant” without consent. But at the latest now – at any rate we recommend this – they should switch to a consent solution or temporarily refrain from using this tool.