Judge desk with gavel being struck.

If you are leveraging Instagram, Facebook, or similar platforms owned by Meta, there’s a chance they told you to set up the Meta Pixel on your website (Formerly Facebook Pixel). The Meta Pixel is a snippet of code that is intended to provide analytics to help track referrals and conversions related to ad spending and social media posts. We’ve also heard from some operators that this has been a requirement to “verify your business”.

While this may have offered some great visibility to help optimize your marketing campaigns or social media posts, do you know what else Meta is doing with it? Apparently far more than we knew. According to Bloomberg Law, more than 50 lawsuits have been filed in 2023 against companies such as the NFL, and multiple hospital systems, suggesting Meta was collecting all data entered on pages where the Meta Pixel was present. If this is the case, that means Meta has been collecting banking and credit card information, or messages meant to be private between a patient and their doctor.

While Meta has so far not responded with precise answers as to what they collect, we will likely learn far more as these cases proceed through the courts. In the meantime, however, it may be time to retire the Meta Pixel from websites entirely.

So what can we learn from this?

Don’t Trust Free Services Without Reading the Terms & Conditions

We all know that these free services often come with a catch, but the reality is that it is often hidden in the Terms and Conditions. If you leave with questions, then it’s time to pause and seek the guidance of legal counsel. Don’t rest on the claims of an Account Manager, or support personnel because if it’s not in the legal document, it may not be binding, leaving you liable.

Reviewing Meta’s Business Tools Terms, they make reference that they will collect the contact information of users and actions taken on your website and leverage it for ad tracking, and analytics. Though “actions” is pretty ambiguous. Even as a tech professional, I don’t feel I know what that means. In terms of analytics, I would expect things like a user’s IP address, where they came from, how long they were there, and where they went.

Additionally, their Terms mention, as of writing this article:

You will not share Business Tool Data with us that you know or reasonably should know is from or about children under the age of 13 or that includes health, financial information or other categories of sensitive information (including any information defined as sensitive under applicable laws, regulations and applicable industry guidelines).

So what else are they collecting then?

If that didn’t make you uneasy, consider that they redirect liability on the website operator to ensure compliance with the Privacy laws of their respective jurisdiction(s). While, this makes some sense in terms of ensuring users are informed, with ambiguous details as to what exactly is collected, how can you properly inform visitors?

Guard The Data You Produce & Own

In our more privacy-focused world where consumers are becoming more aware of just how much of their activity is being tracked and then sold to third parties, and new privacy laws are being written yearly, it’s on all of us to be more responsible with how the data we produce, collect, share, and maintain around our customer’s digital journeys with us. 

It can be easy to find something you think would be useful, integrate it into your website, and then realize you gave them far more access than you intended. I bet even in this case, most operators leveraging Meta Pixel were just wanting to be trusted by the platform, and know how effective their ads were. Instead, they may be facing major legal risks depending on where the code was deployed.

We have to be cognizant that our websites and the data they produce are highly valuable and we should be on guard about who we give such access to in order to ensure their values match ours with regard to data privacy and trust.

Have Legal Review Everything

Lastly, before you sign-up for a service, especially one that may interface with your customers or your data, ensure that all legal documents that define and govern that relationship are reviewed by legal counsel that understands technology. Ensure terms are reviewed at every renewal, and if the vendor has a condition that the terms can change without warning, require they notify you. The right counsel is worth its weight in gold and can help you ask the right questions and avoid potential risks down the road.

Featured photo from Pexels by EKATERINA BOLOVTSOVA

Chris works as an Information Security professional in the Cannabis industry. They have over 20 years of experience in IT and work to share threat intel and mentor the next generation.

Raising Your Cannabis Business Visibility Through Email

Previous article

Things to Consider When Deploying Tablets or Kiosks in Your Dispensary

Next article

You may also like


Leave a reply

Your email address will not be published. Required fields are marked *