Besides Facebook, privacy policies are also required by data privacy laws like the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), and there are specific details you must include in your agreement.
|Data Privacy Law||Legal Threshold||Penalties for Noncompliance||Official Legal Text|
|The General Data Protection Regulation (GDPR)||Entities that target data subjects in the European Economic Area (EEA) that offer goods or services or monitor online behavior.||$23 million or 4% of annual global turnover (whichever is higher)||GDPR-info.edu|
|The California Online Privacy Protection Act (CalOPPA)||Entities located in California or any entity that serves California residents.||$2,500 per person per violation.||California Legislative Information|
|The California Consumer Privacy Act (CCPA)||Any for-profit entity that collects California consumer data and meets one of the following:
||$2,500 per violation, up to $7,500 per intentional violation||State of California Department of Justice|
|The California Privacy Rights Act (CPRA)||Any for-profit entity doing business in California that meets one of the following:
||$2,500 per violation, $7,500 per intentional violation||cpra.gtlaw.com|
|Children’s Online Privacy Protection Act (COPPA)||Any for-profit entity that targets children under 18 in the US and collects personal data.||Up to $40,654 per violation||Federal Trade Commission|
|Personal Information Protection and Electronic Documents Act (PIPEDA)||Any for-profit organization that collects, uses, or shares personal information of Canadian residents.||Up to $100,000 CAD ($79,815 USD)||Government of Canada Justice Laws Website|
It’s important you understand that any of the laws mentioned above could apply to your Facebook app regardless of where you’re physically located.
Even if you use Facebook to host your app, it is your responsibility as the app owner to know what data privacy laws apply to your product and to follow the requirements accordingly.
Your Contact Information
You can put this clause at the beginning or end of your policy, just ensure that the information you provide is up-to-date and accurate.
The Type of Personal User Data You Collect
How You Use the Personal Information
Similar to the previous clause, laws like the GDPR and the CCPA also require you to inform your users about how you use the personal information you collect about them.
If you Sell or Share Personal Data With Any Third-Parties
Your Legal Basis or Legitimate Interests Over the User Data
You may need to provide a legal basis for each category of personal data your app collects, and they can be different.
Data Retention and Storage
In the screenshot below, read how Scopely communicates their data retention practices for their Facebook app, Bingo Bash.
Explain Your Users’ Rights Over Their Data
Their users can click on the highlighted text to reveal more specific, detailed information about the different rights they have over their data, as pictured below.
- A google doc
- A dedicated page on your website
Step 2: Change Your Facebook Developer Settings
Next, log into the Facebook for Developers Dashboard and locate the settings menu on the left-hand side of the screen, which looks like the screenshot below.
Step 3: Enter Your App Information
Take a look at what this page looks like in the screenshot below.
Accessibility and transparency are key concepts in today’s era of digital regulation, and your consumers have the right to know how you use their data without navigating through pages of confusing legalese or getting lost in a maze of documentation.
- Log into your Facebook for Developers Dashboard
- Change your Facebook developer settings to Basic to find the essential legal policy settings
- Privacy policies are a legal requirement under many data privacy laws around the globe