Do EU residents visit your business's Facebook Fan Page? If so, say hello to the chokehold of EU enforcement. The EU Grand Chamber Court ruled yesterday that Administrators of Facebook Fan Pages are deemed to be "controllers" of user data under GDPR. User data can include something as simple as FB placing user "cookies" on your Fan Page. If you administer a FB page that is used by EU residents, the Court will hold you personally responsible for the "free flow" of their personal information to and from and on your page.
What is a corporate Fan Page? The Court described Fan Pages as "user accounts that can be set up on Facebook by individuals or businesses...[T]he author of the fan page ... can use the ... Facebook [platform] to introduce himself to ... persons visiting the fan page."
Administrators of Fan Pages can obtain anonymous statistical information on visitors to the fan pages .. by means of ... ‘cookies’, each containing a unique user code" that can be matched with FB's registered users.
[Cookies] enable Facebook to improve its system of advertising transmitted via its network, and to enable the fan page administrator to obtain statistics produced by Facebook from the visits to the page, for the purposes of managing the promotion of its activity, making it aware, for example, of the profile of the visitors who like its fan page or use its applications, so that it can offer them more relevant content and develop functionalities likely to be of more interest to them."
If your company's FB Fan Page and any other social media pages and sites are visited by EU residents -- whether or not you do business in the EU -- you may be subject to the jurisdiction of the European Union. Beware and be cautious. The text of the Court's decision can be found here.
Associated Url: Your business's Facebook Fan Pages may violate the GDRP