Disclosure Guide

How to disclose the Meta Pixel in your privacy policy

The Meta Pixel transmits behavioral data from your website directly to Meta for advertising, attribution, and audience building. Disclosure obligations are significant because the data can be linked to Meta user identities, and US courts have found that certain configurations constitute a "sale" of personal information or a disclosure of video viewing records under the VPPA.

Last reviewed by Lokker Privacy Engineering

Not legal advice

The example language on this page is provided for educational purposes only. It is not legal advice and does not create an attorney-client relationship. Privacy laws vary by jurisdiction, sector, and the specific technologies you deploy. Always have a qualified privacy counsel or attorney review your privacy policy language to ensure it accurately reflects your actual data practices and complies with applicable law. Policy text alone does not make you compliant: your technical controls must match what the policy describes.

Data collection

What data Meta Pixel typically collects

This is what your privacy policy needs to describe. Be specific: vague references to "usage data" or "technical information" are not sufficient in most jurisdictions.

  • IP address

  • Facebook cookie values (c_user and fr) when the visitor is logged into Facebook, enabling identity linking

  • Page URLs and referrer

  • Custom events configured by the site operator (add to cart, purchase, lead, etc.)

  • Hashed email address or phone number when passed via advanced matching

  • Browser type, language, time zone, and device signals

  • Pixel-specific identifiers (_fbp cookie and _fbc click identifier)

Processing purposes

Purposes to describe in your policy

Privacy laws require you to specify the purpose for each category of data processing. These are the purposes typically associated with Meta Pixel.

  • Conversion tracking for Facebook and Instagram ad campaigns

  • Retargeting site visitors with ads on Meta platforms

  • Building lookalike audiences for advertising

  • Measuring campaign attribution and return on ad spend

  • Creating custom audiences based on on-site behavior

Jurisdiction notes

US and EU compliance considerations

These are representative notes, not exhaustive legal guidance. Laws continue to evolve and your counsel should review the current requirements for each jurisdiction where your visitors reside.

United States

Under the CCPA and CPRA, transmitting personal information to Meta for cross-context behavioral advertising constitutes a "sale" or "sharing." Your policy must describe this, provide a Do Not Sell or Share link (or honor GPC), and disclose that Meta is a third party receiving personal information for advertising purposes. Courts have also found that the Meta Pixel on pages with embedded video may constitute a disclosure of video viewing records under the VPPA.

EU and UK (GDPR)

Under the GDPR, deploying the Meta Pixel for advertising requires explicit opt-in consent. Meta requires valid consent under TCF 2.2 or a direct consent mechanism. Your policy must identify Meta Platforms Ireland Limited as the controller of data received via the Pixel, disclose the transfer of data to Meta Inc. in the United States under Standard Contractual Clauses, and describe that Meta uses the data for its own purposes including ad targeting.

Sector-specific (Healthcare)

Healthcare organizations are at heightened risk. The HHS OCR guidance clarified that the Meta Pixel on patient-facing pages may disclose protected health information, particularly when URLs contain health-condition-specific path segments or when the visitor is logged into Facebook. Multiple class-action lawsuits have been filed against health systems for this configuration.

Example language

Illustrative policy language for Meta Pixel

The examples below are starting points for discussion with legal counsel. They are not approved or jurisdiction-complete language. Your policy must accurately reflect your actual technical configuration and comply with the laws of the jurisdictions where your visitors reside.

Cookie or advertising tracker table row

Meta Pixel (Meta Platforms, Inc.): Tracks conversions, site visits, and behavioral events for advertising and audience building on Facebook and Instagram. Transmits data to Meta including page URLs, custom events, and visitor identifiers that may be linked to your Facebook profile. Category: Advertising and targeting. Opt-out: Available through our consent center or via the Meta Ad Preferences center.

Full third-party and advertising disclosure paragraph

We use the Meta Pixel, a tracking technology provided by Meta Platforms, Inc. (and, for EU visitors, Meta Platforms Ireland Limited). The Meta Pixel collects information about your visits to this website, including pages viewed, actions taken, and custom events such as purchases and form submissions, and transmits this information to Meta. Meta uses this data to measure the effectiveness of our advertising on Facebook and Instagram, to enable us to show ads to visitors who have previously visited this website (retargeting), and to build audiences of users with similar characteristics. The data transmitted to Meta may be linked to your Facebook account if you are logged in, allowing Meta to connect your on-site behavior to your identity on its platforms. You can opt out of the use of your data for targeted advertising by Meta by adjusting your settings in the Meta Ad Preferences center or by using the opt-out mechanism in our consent center. We transfer personal information to Meta Platforms, Inc. in the United States, which Meta receives for its own purposes as a data controller. This transfer is made under Standard Contractual Clauses approved by the European Commission.

Configuration checklist

CMP and tag manager checklist

An accurate policy is only useful if the technical controls behind it work correctly. These are the configuration points to verify for Meta Pixel.

  1. Assign the Meta Pixel to the "Advertising" or "Targeting" consent category, never to "Analytics," "Functional," or "Strictly Necessary."

  2. In opt-in markets (EU, UK), the Pixel must not load before an explicit opt-in. Test the no-interaction and reject states with Consent Validator to confirm no Pixel requests are made.

  3. In California, the Pixel must be blocked when a GPC signal is detected or when the visitor has opted out of sale and sharing via your CMP or the Do Not Sell link.

  4. If you use server-side conversion APIs alongside the browser Pixel, your CMP must also gate the server-side events based on consent stored server-side. A browser opt-out does not automatically propagate to server-side sends.

  5. If your site has video content, review whether the Pixel captures video viewing events. VPPA exposure exists where the Pixel transmits evidence of what video content a visitor watched to a third party.
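The checklist above written as one decision function, added here as an example and not code from Lokker or Meta: the same rule gates the browser Pixel and, called again with the consent record stored server-side, each Conversions API send. The region codes, the consent object shape, the category name "advertising" and the CMP calls in the trailing comment are assumptions.

```javascript
// Added example (not Lokker's or Meta's code): the CMP checklist as a pure
// decision function. Region codes, the consent object shape and the category
// name "advertising" are assumptions; the Pixel base code is never loaded here.

const OPT_IN_REGIONS = new Set(["EU", "UK"]);   // item 2: explicit opt-in required
const OPT_OUT_REGIONS = new Set(["US-CA"]);     // item 3: opt-out of sale/sharing + GPC

/**
 * region:  "EU" | "UK" | "US-CA" | any other string
 * consent: { decided: boolean, categories: { advertising?: boolean, ... } }
 *          decided === false models the first-visit / no-interaction state
 * signals: { gpc: boolean }  (browser: navigator.globalPrivacyControl === true)
 * Returns  { load: boolean, reason: string }
 */
function metaPixelDecision(region, consent, signals) {
  // Item 1: only the Advertising/Targeting category can enable the Pixel;
  // analytics, functional or strictly-necessary consent is ignored on purpose.
  const advertising = consent.categories.advertising === true;

  if (OPT_IN_REGIONS.has(region)) {
    if (!consent.decided) return { load: false, reason: "no decision recorded yet (opt-in market)" };
    return advertising
      ? { load: true, reason: "explicit advertising opt-in" }
      : { load: false, reason: "advertising rejected" };
  }

  if (OPT_OUT_REGIONS.has(region)) {
    if (signals.gpc) return { load: false, reason: "GPC signal detected" };
    if (consent.decided && !advertising) return { load: false, reason: "opted out of sale/sharing" };
    return { load: true, reason: "no opt-out recorded" };
  }

  // Other regions (assumption, not from the checklist): a recorded rejection of
  // the advertising category is binding; otherwise the tag may load.
  if (consent.decided && !advertising) return { load: false, reason: "advertising rejected" };
  return { load: true, reason: "no restriction recorded" };
}

// Browser wiring (assumed CMP API): load the Pixel base code only inside this branch.
//   const d = metaPixelDecision(region, cmp.state(), { gpc: navigator.globalPrivacyControl === true });
//   if (d.load) loadMetaPixel();
// Server side (item 4): call metaPixelDecision again with the consent record stored
// with the session before each Conversions API event; a browser opt-out does not propagate by itself.
```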

Policy vs practice

What policies say versus what Lokker validates

These are common gaps between Meta Pixel privacy policy language and what actually happens in the browser. Checking only inside each SaaS admin (CMP, tag manager, or vendor console) rarely answers whether the full stack works together. Lokker tests from the outside: consent state, tag firing, and network requests viewed as one system.

What the policy says

  • Many policies describe the Meta Pixel as collecting only "anonymized" or "aggregated" behavioral data for advertising purposes.

  • Policies describe the Meta Pixel as consent-gated, meaning it activates only after the visitor accepts advertising cookies.

  • Healthcare site policies often mention the Pixel generically under advertising tools, without referencing HHS OCR guidance on PHI disclosure via tracking pixels.

  • Policies provide a Do Not Sell or Share link and describe that opting out prevents the Pixel from sharing data with Meta.

What Lokker validates

  • When a visitor is logged into Facebook, the Pixel request includes cookies that allow Meta to link the behavior to a specific user identity. Lokker captures the full Pixel network payload and can show whether identity-linking cookies are present in the request.

  • It is common for the Pixel to initialize before the CMP has recorded any decision, creating a window of data collection before consent is possible. Lokker tests the first-visit and no-interaction states specifically to detect this gap.

  • Lokker checks whether the Pixel fires on patient-facing pages and whether its request parameters include health-condition-specific URL segments that OCR has identified as PHI disclosure risk indicators.

  • Lokker runs an automated GPC and opt-out flow and confirms whether the Pixel still fires or contacts Meta endpoints after the visitor has signaled opt-out. A link in the footer is not evidence of technical enforcement.

Consent Validator tests your site from the outside, not inside each vendor admin. It runs automated flows across accept, reject, no-interaction, and GPC states and checks whether Meta Pixel loads through your CMP and tag manager, whether consent signals are honored, and whether any call to that vendor still occurs when the visitor has opted out.
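An outside-in check of the kind described above, added here as an example and not Lokker's tooling: it walks per-consent-state network captures and reports any Meta request in a state where the Pixel must stay silent, plus any request carrying the logged-in Facebook cookies. The capture format, the state names and the Meta hostnames are assumptions, and the sample captures are constructed.

```javascript
// Added example (not Lokker's tooling): policy-versus-behaviour audit over
// per-consent-state captures. Hostnames (connect.facebook.net for the Pixel
// script, www.facebook.com/tr for event requests) and the capture format are assumptions.

const META_HOSTS = ["connect.facebook.net", "www.facebook.com"];
const IDENTITY_COOKIES = ["c_user", "fr"];   // present when the visitor is logged into Facebook
const BLOCKED_STATES = new Set(["reject", "no-interaction", "gpc"]);  // Pixel must not fire

function isMetaRequest(url) {
  const host = new URL(url).hostname;
  return META_HOSTS.some(h => host === h || host.endsWith("." + h));
}

/**
 * captures: [{ state: "accept"|"reject"|"no-interaction"|"gpc",
 *              requests: [{ url, cookies: { name: value } }] }]
 * Returns one finding per gap between policy and behaviour; [] means the claims held.
 */
function auditMetaPixel(captures) {
  const findings = [];
  for (const { state, requests } of captures) {
    for (const req of requests) {
      if (!isMetaRequest(req.url)) continue;
      if (BLOCKED_STATES.has(state)) {
        findings.push({ state, url: req.url, issue: "Meta request in a state where the Pixel must not fire" });
      }
      const ident = IDENTITY_COOKIES.filter(c => c in (req.cookies || {}));
      if (ident.length) {
        findings.push({ state, url: req.url, issue: `identity-linking cookies sent (${ident.join(", ")}); data is not anonymous` });
      }
    }
  }
  return findings;
}

// Constructed sample: clean on reject, but the Pixel script loads in the no-interaction
// window, an event fires under GPC, and the accept-state event carries the logged-in
// Facebook cookies. PIXEL_ID_PLACEHOLDER stands in for a real pixel id.
const SAMPLE_CAPTURES = [
  { state: "accept", requests: [
      { url: "https://connect.facebook.net/en_US/fbevents.js", cookies: {} },
      { url: "https://www.facebook.com/tr/?id=PIXEL_ID_PLACEHOLDER&ev=PageView",
        cookies: { _fbp: "fb.1.0.x", c_user: "0", fr: "x" } } ] },
  { state: "reject", requests: [{ url: "https://example.test/app.js", cookies: {} }] },
  { state: "no-interaction", requests: [{ url: "https://connect.facebook.net/en_US/fbevents.js", cookies: {} }] },
  { state: "gpc", requests: [{ url: "https://www.facebook.com/tr/?id=PIXEL_ID_PLACEHOLDER&ev=PageView",
                               cookies: { _fbp: "fb.1.0.x" } }] },
];
```

Running `auditMetaPixel(SAMPLE_CAPTURES)` yields three findings, one each for the no-interaction, GPC and accept states; the reject state produces none.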

Questions

Meta Pixel privacy policy FAQ

Does the Meta Pixel constitute a sale of personal information under the CCPA?
California privacy regulators and multiple courts have found that sharing personal information with Meta for cross-context behavioral advertising constitutes a "sale" or "sharing" under the CCPA and CPRA. If your site deploys the Meta Pixel for advertising purposes and does not provide a valid opt-out mechanism that technically prevents the Pixel from firing, you may be in breach of California law. The technical requirement is that the data flow stops, not just that a preference is recorded.

What is the VPPA risk associated with the Meta Pixel?
The Video Privacy Protection Act (VPPA) prohibits knowingly disclosing personally identifiable information about a consumer's video viewing history to a third party. Courts have found that the Meta Pixel on pages with video content, when the visitor is also logged into Facebook, can constitute such a disclosure. The Pixel's request to Meta can contain both page-level evidence of video viewing and a Facebook cookie that identifies the viewer. Multiple class actions have been filed under this theory against news publishers, educational institutions, and healthcare sites.

Do I need to list Meta Pixel as a third party in my privacy policy?
Yes. Meta acts as an independent data controller of the data it receives via the Pixel, not merely as a data processor acting under your instructions. Your privacy policy should disclose Meta as a third party receiving personal information, describe the purposes (advertising, attribution, audience building), and provide opt-out instructions. If you are subject to GDPR, the policy must also describe the legal basis and data transfer mechanism.

Is the Meta Pixel allowed on healthcare websites?
The HHS Office for Civil Rights has issued guidance stating that tracking technologies on HIPAA-covered entity websites may constitute impermissible disclosures of protected health information, particularly on patient-facing pages. The Meta Pixel has been at the center of numerous healthcare breach reports and class actions. HIPAA-covered entities should conduct a technical audit before deploying or retaining the Meta Pixel on any page that may be visited by patients or individuals seeking health information.

Validate technical compliance

Confirm that Meta Pixel fires only when it should

Find out whether the Meta Pixel still fires after opt-out, reject, or GPC, using network-layer evidence rather than a dashboard check.