Meta's New Data Sharing Restrictions: A Guide for Businesses and Charities
Fifty2M
January 14, 2025
Meta is tightening its data sharing restrictions in an effort to improve user privacy. This means that businesses and charities will need to be more careful about what data they collect and share with Meta. In this blog post, we will outline the new restrictions and provide a checklist you can use to help ensure compliance with minimal campaign disruption.
What is Meta hoping to achieve with its new data sharing restrictions in 2025?
Meta is hoping to achieve a number of things with its new data sharing restrictions.
The focus is on user privacy, giving users of Meta's platforms (Facebook, Instagram, Messenger, and Threads) greater confidence about data safeguarding.
But it's also likely to be a response to growing pressure from regulators around the world that are concerned about the use of hyper targeted advertising on social media, especially where this could be harmful to individuals (for instance, businesses that tout quack medicines and unproven treatments to 'cure' cancer, or money lenders that dangle easy-access loans to people already in severe debt).
So, whilst these changes feel like a pain for advertisers, the goals behind them are generally well meaning.
What are the different domain categories that Meta is bringing in under the new data sharing rules?
Meta is introducing three different domain categories for websites and apps:
General Audience: Websites and apps that are suitable for all audiences. This is the default category and includes most websites and apps that don't handle sensitive information. Examples include: news sites, sports blogs, online retailers selling general merchandise, and recipe websites.
Sensitive: Websites and apps that collect sensitive data, such as health information or financial information. These domains are subject to stricter data sharing rules and limitations on targeting options. Examples include: healthcare providers, online pharmacies, financial institutions (banks, investment firms, mortgage brokers etc), dating apps, websites that discuss political or religious topics, and sites offering legal or counselling services.
Prohibited: Websites and apps that are prohibited from sharing any data with Meta. These typically include highly sensitive or illegal activities, such as: websites promoting hate speech or discrimination, sites selling illegal drugs or Zombie knives, platforms facilitating online gambling in locations where this is not permitted, and websites sharing sexually explicit content.
What is considered sensitive or prohibited data?
Sensitive data includes:
Health information (e.g., medical conditions, diagnoses, treatments)
Financial information (e.g., credit card numbers, bank account details)
Sexual orientation
Religious beliefs
Political beliefs
Racial or ethnic origin
Trade union membership
Prohibited data includes:
Sensitive data that is not necessary for the provision of the service
Data that is collected in violation of Meta's terms of service
What are the effects of passing this data back via the Pixel?
If you pass sensitive or prohibited data back to Meta via the Pixel, your website or app may be placed in the Sensitive or Prohibited category. This could result in a number of negative consequences, such as:
Your ads may be less effective
Your website or app may be blocked from using Meta's services
You may even, in some circumstances, be subject to legal action
Checklist for businesses and charities to help ensure compliance with Meta's new data sharing restrictions while avoiding disruption
Here is a checklist of things you can do to ensure you are in compliance with Meta's new data sharing restrictions. Before ploughing in, visit Facebook Events Manager here and check for an alert that advises you may be impacted by the change. If so, request an extra 30 days to get everything in order, and proceed with the checklist items:
✅ Review your URL slugs, form names, and parameters
Avoid: /diabetes-treatment-options, signup-form-depression-support, ?condition=anxiety
Instead use: /treatment-options, signup-form, ?topic=mental-health
✅ Review your custom audience names and custom event names
Avoid: "Customers_with_Heart_Disease", "Completed_Anxiety_Assessment"
Instead use: "Website_Visitors", "Completed_Assessment"
✅ Review the fields contained in customer lists uploaded to Meta platforms
Exclude: "Medical History", "Income Level", "Religious Affiliation"
Include (if relevant and non-sensitive): "Age Range", "Location", "Purchase History"
You can still upload customer lists containing names, email addresses, and phone numbers to create matched custom audiences. This data is already hashed for privacy.
Getting ready for Meta's new data sharing restrictions: key takeaways
There's lots to think about, and it probably sounds scary, but as long as you implement the changes set out in our checklist, you should be OK. Remember to:
Be careful about what data you collect and share with Meta.
Do not collect or share any sensitive or prohibited data.
Review your website or app to make sure it is in compliance with Meta's new data sharing restrictions.
Consider using a consent management platform (CMP) to help you comply with the new restrictions.
For retargeting, focus on broader audience segments and contextual targeting to minimise reliance on potentially sensitive data. For example, instead of retargeting users who visited a page about a specific medical condition, target users who have shown interest in healthy living or general wellness topics.
By following these tips, you can help ensure that your business or charity is in compliance with Meta's new data sharing restrictions.
Please note: This blog post is for informational purposes only and should not be considered legal advice. Please consult with your legal representatives if you have any questions about Meta's new data sharing restrictions.
Enjoyed reading this blog? Found it useful and informative? Then spread the love by sharing it on your socials so more people like you can benefit from it too!