ConsentMark
Free Scan
M
Social EmbedMedium complexity

Meta Social SDK

by Meta Platforms

All product names, logos, and trademarks are the property of their respective owners. Their inclusion here is for identification purposes only and does not imply endorsement by Obscurity Ltd.

Sets cookies
No
Sends PII
No
Cross-site tracking
Yes
Consent required
Functional
Transfer mechanism
EU-US Data Privacy Framework

Overview

Meta's JavaScript SDK for embedding social plugins (Like buttons, Share buttons, Login, Comments, embedded posts) on third-party websites. Distinct from the Meta Pixel - this SDK provides social interaction features rather than conversion tracking. The CJEU Fashion ID ruling (C-40/17) established that website operators embedding Facebook Social Plugins are joint controllers with Meta for the collection and transmission of personal data triggered by the plugin.

Detection capabilities

Signature count
2
Detection methods
network
Property types
hostnamepathname

Performance impact

Performance Impact

Script size
180 KB
Requests per page
2

Common mistakes

  • 1Loading the SDK without consent - the CJEU Fashion ID ruling (C-40/17) established that website operators are joint controllers with Facebook for the data collection triggered by embedding Social Plugins
  • 2Using XFBML parsing on page load without gating behind consent - the SDK automatically sends user data to Meta when it initialises
  • 3Not disclosing the joint controllership obligation in your privacy notice as required by Fashion ID (C-40/17)
  • 4Embedding Like or Share buttons on pages with sensitive content (health, financial) without a DPIA

Compliance considerations

Loads scripts from connect.facebook.net and renders social plugin iframes from www.facebook.com. When initialised, the SDK transmits visitor data (IP address, browser metadata, page URL) to Meta regardless of whether the visitor interacts with the plugin.

Consent: Explicit consent required under ePrivacy Art 5(3). The CJEU Fashion ID ruling (C-40/17, 29 July 2019) confirmed that the website operator must obtain consent for the initial data collection, even though Meta determines the purposes of subsequent processing.

Joint controllership: Fashion ID establishes that the site operator and Meta are joint controllers for the collection and transmission phases. A joint controller agreement under GDPR Art 26 is required. Meta's standard terms may satisfy this, but verify coverage.

International transfers: Meta Platforms is certified under the EU-US Data Privacy Framework. Meta operates EU data centres (Dublin, Lulea) - verify data residency commitments in Meta's DPA.

CMP configuration: Categorise under functional or social consent and block SDK initialisation until explicit consent is granted.

Related services

AddThis

Oracle (AddThis)

Social EmbedLow risk

1 detection signature

Co-Buying

co-buying

Social EmbedLow risk

1 detection signature

Ekoo

ekoo

Social EmbedLow risk

1 detection signature

Feedbackify

feedbackify

Social EmbedLow risk

2 detection signatures

Scan your site for Meta Platforms

Run a free Consentmark scan to see how Meta Platforms is loading on your site, whether it respects consent, and where governance gaps exist across your wider tag estate.

Start a free scan