In line with the GDPR regulations, Facebook introduced a more strict policy when it comes to how personal data is handled by its advertisers. Part of this effort is their attempt to identify when personal data or sensitive information that is unhashed is collected by the Facebook pixel. When this happens, they’ll show you a warning inside the pixel Diagnostics section.
FACEBOOK PIXEL DIAGNOSTICS
Open your Ads Manager top menu and click on Events Manager, Pixels.
This will open your Pixels section. Click on the “Details” button. Click on the Diagnostics tab. If there are problems, you’ll see them reported there.
The report will tell you which event violates the business terms by collecting sensitive or personal information. Facebook will also suggest a solution. That’s typically to remove the event’s parameter containing the prohibited information. So you can identify the event and the parameter as well.
There’s a “See Affected URLs” button that will reveal more details. Click on it and try to fire the event. Check with Pixel Helper Chrome Extension what data the reported parameter sends to Facebook. This way you’ll have a complete image of the issue.
PIXELYOURSITE’S CLICKEVENT FALSE POSITIVE REPORTS
Unfortunately, the Facebook filters are not perfect. They can trigger a warning even when the data sent by the pixel is completely legitimate.
That’s the case for the PixelYourSite’s ClickEvent. This event is fired when someone clicks on any link from your website. Its “tag_text” parameter will pull the HTML or button text. This helps you to identify what element has fired the event.
EXAMPLE: Let’s say you have a contact form and the form’s button text is “Contact Us”. So when your visitors complete the form and click its button, a ClickEvent is fired, with the “tag_text” equal to “Contact Us”.
FALSE POSITIVE
The Facebook filters are very basic and unsophisticated. They seem to be triggered by any data that looks like some sort of personal information. So if the “tag_text” sends an email or telephone number, it will trigger the warning no matter what.
However, the data sent by this event IS NOT personal and IS NOT related to your clients at all. It’s just your OWN PUBLICLY AVAILABLE information.
Here’s a scenario when this can happen:
You have your email or phone number displayed on your contact page. These are clickable items, so when someone clicks on them, a ClickEvent will be fired. The “tag_text” parameter, in this case, will be the phone, or the email. YOUR phone, or YOUR email. While looking like sensitive information, this particular bit of data is 100% legit. I this case the event tracks your publicly-available contact information.
It’s easy to understand that the warning triggered in this situation is not correct. No sensitive information was collected by the Facebook pixel. The “tag_text” collects your own public info, not your clients’ data.
WHAT TO DO IF YOU HAVE SUCH A WARNING
1. First of all, I suggest you contact Facebook support. Their system makes a mistake and they should know about it.
You can do so here: https://www.facebook.com/business/support/topic/ad-management-tools
Under “Additional Support” there’s a “Get Started” button. Click on it to continue. Select “Policy and account security” and then click on “Chat with a representative”.
Explain your situation and show them that the ClickEvent doesn’t collect any type of personal or sensitive information.
2. You can change the text of your email or phone links and replace them general terms, like “Call us” or “Email us”.
3. You can disable the ClickEvent for Facebook until the situation gets fixed: open PixelYourSite’s dashboard, click on “Track Clicks”, disable the “ClickEvent” on Facebook and save the new settings.
*You can find Facebook Business Tools Terms here
UPDATE:
We made some changes to PixelYourSite Pro in order to avoid such confusions. They will limit the level of wrongfully reported problems, but not remove them completely.
Starting version 7.0.5 PixelYourSite Pro will:
1. Allow you to turn ON/OFF traffic and UTM parameters. These are new options you can find on our Dashboard.
Why is this useful: sometimes the values recorded by these parameters can look like personal data, triggering a warning.
2. Show just the domain for the traffic parameters.
Why is this useful: sometimes the full referer was containing values that were looking like personal data. To avoid this situation we decided to track the referrer domain only.
Example: the full referer is looking like this: http://www.somedomain.com/page?name=david
The new traffic parameters will only show the domain, so the rest of the URL that contains something resembling personal information will not be part of it.
3. Filter the emails from UTMs and the ClickEvent tag_text parameters.
Why is this useful: Same as before, this new approach will avoid triggering the personal data warning.
However, there are plenty of scenarios where the ClickEvent’s tag_text parameter will track data that looks like personal information. It can be telephone numbers or names, all of them publicly available on your own pages.
4. Starting v7.1.3 phone numbers will be filtered if you use the “tel:” HTML markup.
Here’s a good article on how to properly mark phone numbers: https://developers.google.com/web/fundamentals/native-hardware/click-to-call/
This will help our plugin to identify and remove phone numbers from being tracked as parameters.
NOTE: Most of the above situations don’t constitute a real breach of Facebook’s own terms. The warnings triggered by those scenarios are mostly generated by their algorithm wrongfully identifying some data as being personal.
