This is a simple post. Sometimes you get ads on Facebook and you are just not interested in what they’re selling. This is a way to find out who has uploaded your email address into facebook to target ads at you, and then- if you’re in the EU- how to use the new General Data Protection Regulation to get those advertisers to delete you from their system.
So, here we go.
First, get a copy of all your data from Facebook.
For this you; (deep breath)
Login to Facebook
Go to the little arrow in the top right hand corner of the Facebook screen, then select ‘Settings’
Then, on the left hand menu, select ‘Your Facebook Information’
Then select ‘Download a copy of your Facebook information to keep or to transfer to another service’
Now click the big green ‘Download Archive’ button
Now it’ll ask you to put your password in. Finally, it’ll tell you that it’ll email you when the archive is ready to download. When the email comes and you click on the link it contains, you will eventually download a zip file. Unzip it and you will end up with a folder containing something like this:
Choose ‘Index’. Then your browser will open a mostly white page with your profile detail showing. On the bottom left side of the screen, you’ll find a menu.
Now, scroll down the (likely) very long list until you reach the last section- headed, ‘Advertisers who uploaded a contact list with your information’. These people and bodies all have your data- they must, because they uploaded it into Facebook, to show you ads.
And, if you’re in the EU, under the GDPR, you can invoke your right under Article 17.1(b) to withdraw consent for these companies to hold your data or process it in any way. Just email them these words any time after the 25th May 2018:
Dear [entity name]
I am currently within the EU and I have learned from Facebook Ireland Ltd that you have in the past uploaded a contact list to the Facebook platform which included my information.
I wish to invoke my right of erasure of that data and any other data you may hold relating to me under Article 17.1(b) of the General Data Protection Regulation. I also wish you, as per Article 17.2, to take steps, including technical measures, to inform controllers which are processing the personal data that I, as the data subject, have requested the erasure by such controllers of any links to, or copy or replication of, my personal data.
Please confirm you have completed this task within one month of the date of sending of this email.
If you’re feeling particularly feisty, you can even build an email mail merge by cutting and pasting the whole list into a spreadsheet, finding the contact emails for each of the bodies and then scheduling the message to be automatically sent on the 26th May 2018, one day after the GDPR comes into effect.