With new data protection regulations to be enforced in 2018, it’s time for businesses to start organising their consumer data and to begin to comply early on, so as not to be caught out. However, is it still a good idea – for charities in particular – to use Facebook’s Lookalike audience feature when creating ads?

The new data protection regulations (now called the General Data Protection Regulation, or GDPR) enforced by the EU mean that businesses can’t misuse or mishandle consumer data. They have to be completely transparent with the consumer about what their data is going to be used for, and cannot decide later on to send them something that they haven’t signed up for. For example, if a consumer signs up on your website to receive your newsletter, you cannot send them a fundraising request by email a few months down the line.

At the same time, there are extremely restrictive regulations in place on how UK charities and non-profits manage donor data. This information cannot be given to a third party for marketing purposes, which on the surface would seem to rule out Lookalike Audiences.

What is a Lookalike Audience?

This is a way to reach people who are most likely to be interested in your business or charity because they’re similar to your existing customers. These are created using an email list of previous customers, for example, or visitors to your website tracked using a Facebook Pixel code. More information can be found on Lookalike Audiences here.

People will be wary of this feature in light of the new regulations, and rightly so, as it can look as though they are mishandling consumer data by using it for a different purpose from the one the consumer originally signed up for. But this isn’t the case.

The data used by Facebook for this feature is hashed on both ends. Hashing is simply the process of turning your audience’s data (in this case, their email addresses) into a number, essentially an irreversible digital fingerprint. This hashing happens on your computer, so the original data never leaves your server. Facebook also hashes its profiles and stores them in a second list of numbers.

These two lists of digital fingerprints are then compared, and any that match (the same fingerprint appearing in both lists) become your custom audience stored within your ad account. If a hash doesn’t match, it gets ignored. Once the process of matching hashes completes, all the hashes get deleted, both matching and non-matching.

To protect the data even further, you never get to see an exact number of matches or specific individuals in your custom audience, just an approximation of how many people your audience contains.
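The hash-and-match flow described above, sketched as an added example that is not Facebook's code or part of the original article. SHA-256 over a trimmed, lowercased address, the function names, the sample data and the rounding step are all assumptions made for illustration.

```python
import hashlib


def normalize_email(raw):
    """Trim and lowercase so the same address always yields the same fingerprint."""
    return raw.strip().lower()


def fingerprint(email):
    """One-way digest of a normalized address (SHA-256 is an assumption here)."""
    return hashlib.sha256(normalize_email(email).encode("utf-8")).hexdigest()


def hash_list(emails):
    """Advertiser side: hash locally; only these digests are uploaded."""
    return {fingerprint(e) for e in emails if e and "@" in e}


def match_audience(uploaded_hashes, platform_profiles):
    """Platform side: hash its own profiles and keep the ids whose digest matches."""
    index = {fingerprint(email): pid for pid, email in platform_profiles.items()}
    matched = {index[h] for h in uploaded_hashes if h in index}
    # Matching and non-matching hashes alike are discarded once matching completes.
    index.clear()
    uploaded_hashes.clear()
    return matched


def approximate_size(audience, step=10):
    """Report a rounded-down size only, never the exact count (step is hypothetical)."""
    return (len(audience) // step) * step


# Constructed sample data: a donor list and a platform's profile table.
DONORS = ["Alice@Example.org ", "bob@example.org", "carol@example.org", "not-an-email"]
PROFILES = {"p1": "alice@example.org", "p2": "dave@example.org", "p3": "BOB@example.org"}

if __name__ == "__main__":
    uploaded = hash_list(DONORS)
    audience = match_audience(uploaded, PROFILES)
    print(sorted(audience), "reported size:", approximate_size(audience, step=2))
```

The match only works because both sides derive the same fingerprint from the same address, which is why the addresses are normalized before hashing.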

The consumer data you use to create a Lookalike Audience is never shared explicitly, but only as a digital fingerprint to create a match, and is then deleted. It is therefore completely safe for use.