In short, YES you do. There are both legal and third-party requirements to be met here.
As well as:
Don’t knowingly share information with us that you have collected from children under the age of 13.
As mentioned in the quote above, if your app is directed towards children based in the US, you’ll be required to comply with the U.S. Children’s Online Privacy Protection Act which introduces more stringent rules for your apps when you target children under the age of 13. Similarly, if you fall under the scope of the GDPR, you’ll need to comply with the GDPR’s guidelines for processing the data of minors.
Facebook is the data processor of data that developers pass to Facebook for analytics and measurement purposes. Facebook’s Platform Policy and Business Tool Terms require developers to notify individuals when they are using Facebook technology (including pixels, SDKs, and APIs) that enables Facebook to collect and process data about them and obtain users’ prior informed consent for their use of such tools. Developers must also comply with all applicable laws and regulations in the jurisdictions where they operate, including laws and regulations governing notice to individuals whose personal information is being used or disclosed. The developer is the data controller of all data they send to Facebook for measurement and analytics purposes and they are responsible for establishing a legal basis for the use of such data.
From the above quote, Facebook makes it explicitly clear that as the data controller, you (the developer) bear all responsibility for complying with applicable law, including obtaining the prior informed consent of users and having a legal basis for processing user data.
Regarding legal bases, even if you have determined, with the help of a lawyer, that a legal basis outside of consent such as “legitimate interest” applies to your situation, processing user data via cookies (e.g those used in FB analytics) still fall under the ePrivacy Directive and therefore the consent requirement will most-likely still apply.
What happens if you don’t comply with these requirements?
Meeting your requirements here is actually quite straightforward:
All our policies are created by lawyers, monitored by our lawyers and hosted on our servers to ensure that they are always up-to-date with the latest legal changes and third-party requirements.
The generation process is easy and intuitive:
Click on Start Generating, select Facebook app, fill in your app name, select your language and generate.
Add all services collecting personal data including the Facebook permissions you are using to your policy. Once that is done, iubenda now takes care of your policy and generates it for you.
Our Cookie Solution makes this task simple. Just click to activate, then integrate the script into your app (or website).
You can read more about setting up your app for the Cookie Law here or just start generating below (you can easily activate the Cookie Solution from within your site dashboard area).