What you need to know about GDPR and Facebook Messenger bots

April 23, 2018

Many of us had an easy laugh at some of the questions Mark Zuckerberg got when he testified before Congress. That’s why almost everybody missed one important topic the senators and Zuckerberg spoke about: the implications of GDPR.

GDPR stands for General Data Protection Regulation. It’s a new data privacy law in Europe that takes effect on the 25th of May and, in short, will change the internet.

First of all, nearly no internet company is unaffected by these new regulations, and second, these regulations are much more powerful than any data privacy law before them. GDPR will give dedicated European authorities the power to enforce the new data protection law. Whoever does not comply will face sanctions of up to 4% of annual turnover or 20 million euros. Facebook knows that GDPR is aimed at companies like them. After Cambridge Analytica, they will make sure that they don’t violate any privacy law again.


Be smart: Cambridge Analytica was a third party violating privacy rules. Facebook won’t let that happen again. That applies to every third party on any of their platforms.

For the Business to Messenger platform and Facebook Messenger bots, GDPR will have many implications you should be aware of.

4 things about Facebook Messenger and GDPR that you should probably change immediately:

  • Privacy Policies: If you don’t have a privacy policy yet, you have to draft one. Without a privacy policy, you are not compliant. You have to link your privacy policy in your bot.
  • Data processing agreements: If you are using third parties, or are yourself a typical third party, you have to have data processing agreements with all your partners. That is an additional contract you have to negotiate, so you should start on it immediately if you don’t have one yet.
  • Stop: You have to provide an easy way for the user to stop messages from your bot. If your bot doesn’t have a convenient option to opt out, … you should add this.
  • User rights & complaints: Users now have many different information rights. Law firms, competitors, or activists can use those rights to check whether your organization is compliant. Be prepared to receive requests about how you store and protect personal data.

The Messenger team also created a short FAQ, which you can find here. It’s helpful if you are already familiar with the implications of GDPR. If that is not the case, or you want to dig deeper into the topic and how to comply, I recommend reading our whitepaper. In 20 pages, we explain the basic concepts of GDPR and how to comply if you as a business are using Facebook Messenger bots.