
Privacy Policy for Facebook Pages

We all know that a privacy policy is mandatory under many privacy laws. Even if you run your business only on Facebook – without a website – you need to have a privacy policy available for your customers to read.

What you need to do

Provide a privacy policy

Here’s what Facebook states on their Pages, Groups and Events Policies:

If you collect content and information directly from users, your Page, Group or Event must make it clear that you (and not Facebook) are collecting it, and must provide notice about and obtain user consent for your use of the content and information that you collect. Regardless of how you obtain content and information from users, you are responsible for securing all necessary permissions to reuse their content and information.

In order to be compliant, your policy must be up-to-date, understandable, unambiguous, and easily accessible. Also, it has to:

  • describe the personal data collected and the purposes of their collection;
  • accurately list all the third parties the data is shared with; and
  • inform users of their rights in relation to their data.

See this privacy policy created with our generator for an example of how these elements come together.

Specify you’re using Page Insights and communicate your legal basis

As explained in Facebook’s Data Policy under “How do we use this information?”, Facebook also collects and uses information to provide analytics services called Page Insights to Page admins to help them understand how people interact with their Pages and the content associated with them.

Also, you should communicate your legal basis:

You should ensure that you also have a legal basis for the processing of Insights Data. In addition to the information provided to data subjects by Facebook Ireland via the Information about Page Insights, you should identify your own legal basis including the legitimate interests you pursue […]

The following is just an example of how you can phrase your custom clause related to the use of Facebook Insight. Remember to specify if yours is a Page, Group or Event.

Most importantly, if the GDPR applies to your situation, do not forget to state which legal basis you are relying on to process statistical data. You can rely on any of the 6 legal bases provided under the GDPR.

Facebook’s responsibilities

As stated in the Page Insights Controller Addendum, Facebook is taking on major responsibilities:

Unless specified otherwise in this Page Insights Addendum, between you and Facebook Ireland, Facebook Ireland assumes the responsibility for compliance with the applicable obligations under the GDPR for the processing of Insights Data (including, but not limited to, Articles 12 and 13 GDPR, Articles 15 to 21 GDPR, Articles 33 and 34 GDPR). Facebook Ireland will implement appropriate technical and organisational measures to ensure the security of the processing in accordance with Article 32 GDPR.

Joint controllership

The processing of personal data for Page Insights might be subject to the joint controllership arrangement: basically, if you’re a Facebook Page admin, both you and Facebook are responsible for complying with the GDPR in relation to Facebook’s Page Insights service.

In any case, there is no need to add a joint controller statement, since Facebook takes care of this aspect:

Facebook Ireland will make the essence of this Page Insights Addendum available to data subjects (Article 26(2) GDPR). This is currently done via the Information about Page Insights data which can be accessed from all Pages.

Facebook Page Insights Controller Addendum Requests

If you need assistance with regard to a request in accordance with the Page Insights Controller Addendum, you can submit this form:

Facebook Page Insights Controller Addendum Requests

In fact, in the Page Insights Controller Addendum, Facebook says:

The Parties designate the communication channels referenced in the Information about Page Insights data or in any subsequent document as contact points for data subjects.


If data subjects exercise their rights under the GDPR with regard to the processing of Insights Data against you (Article 26(3) GDPR), or you are contacted by a supervisory authority with regard to the processing of Insights Data, each a “Request”, you will forward all relevant information regarding such Requests to us promptly but within a maximum of seven calendar days. For this purpose, you can submit this form. Facebook Ireland agrees to answer Requests from data subjects in accordance with our obligations under this Page Insights Addendum. You agree to take all reasonable endeavours in a timely manner to cooperate with us in answering any such Request. You are not authorised to act or answer on Facebook Ireland’s behalf.

How to add a privacy policy to your Facebook page

Facebook allows you to link to your privacy policy on your page: click on About > Edit Privacy Policy to enter your privacy policy link.

How iubenda can help you create a privacy policy for your Facebook page

Our Privacy and Cookie Policy Generator makes it easy to create a privacy policy for Facebook pages as well: with hundreds of pre-crafted clauses, our generator lets you easily include all elements commonly required across many regions and third-party services, while applying the strictest standards by default and giving you the option to fully customize as needed.

All our policies are created by lawyers, monitored by our lawyers and hosted on our servers to ensure that they are always up-to-date with the latest legal changes and third-party requirements.
