Guidelines 08/2020 on the targeting of social media users – version for public consultation

Subparagraph 5.3.1 A  Roles

62 In Example 4, in Section 5.3, both the targeter and the social media provider participate in determining the purposes and means of the processing personal data, which results in the display of the advertisement to Mr. Schmidt.

63 As far as the determination of purpose is concerned, Bestbags.com and the social media provider jointly determine the purpose of the processing, which is to display a specific advertisement on the social media platform to the individuals who make up the target audience. By embedding the pixel into its website, Bestbags.com exerts a decisive influence over the means of the processing. The collection and transmission of the personal data of visitors of the website to the social media provider would not have occurred without the embedding of that pixel. The social media provider, on the other hand, has developed and offers the software code (pixel) that leads to the automatic collection, transmission and evaluation for marketing purposes of personal data to the social media provider. As a result, joint controllership exists in relation to the collection of personal data and its transmission by way of pixels, as well as in relation to the matching and subsequent display of the advertisement to Mr Schmidt on the social platform, and for any reporting relating to the targeting campaign. Joint controllership also exists, for similar reasons, in Example 6 in Section 5.3.

64 In Example 5, in Section 5.3, the pizzeria exercise a decisive influence over the processing of personal data by defining the parameters of the ad targeting in accordance with its business needs (for instance, opening hours of the pizzeria and geo-location of persons close to the pizzeria in this time-slot), and therefore must be regarded as taking part in the determination of the purposes and means of the data processing. The social media provider, on the other hand, has collected the information regarding Mrs. Michu’s location (via GPS) for its purpose of enabling such location-based targeted advertising. As a result, joint control exists between the targeter and the social platform in relation to the collection and analys is of Mrs. Michu’s location, as well as the display of the advertisement, in order to target her (as a person appearing within 1km of the pizzeria for the first time in the last 6 months) with the ad.