You’ve sent potentially violating personal data to Facebook

  • Resolved Rosso Digital

    (@roberthemsing)


    6 months, 2 weeks ago

    We’ve been receiving email notifications about “You’ve sent potentially violating personal data to Facebook” for a while now. For the first time we could now also see the notification in our client’s event manager.

    It says that the potentially violating data that was sent was the first_name and last_name URL query parameter of the PageView and Purchase event. We only send pixel data from the WordPress website to the Meta Events Manager via your plugin so we’re not sure how there could be an issue with the most basic personal data that’s being transmitted?

    This seems to be a global issue affecting your plugin as it happens across many of our client’s sites and not just one. All of them use the Facebook for WooCommerce plugin.

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Support Shameem R. a11n

    (@shameemreza)

    Hi @roberthemsing

    It seems like Facebook is detecting some parameters in your order received URL as sensitive data. This happens when Meta (Facebook) detects URL parameters that potentially contain personal data in the path of the URL. Example: https://example.com/account/order-received?username=johndoe

    Our plugin does not add any information to the URL path. The only information that our plugin is sending through the browser pixel is product and order data. The source of this warning is URL paths generated by the server or other plugins, which must be fixed there.

    The best way to determine this is to:

    • Temporarily switch your theme to Storefront or Twenty Twenty-Four
    • Disable all plugins except for WooCommerce and Facebook for WooCommerce
    • Repeat the action that is causing the problem

    If you’re not seeing the same problem after completing the conflict test, then you know the problem was with the plugins and/or theme you deactivated. To figure out which plugin is causing the problem, reactivate your other plugins one by one, testing after each, until you find the one causing conflict. You can find a more detailed explanation on how to do a conflict test here.

    I hope that helps! Let me know once you have done a conflict test!

    Thread Starter Rosso Digital

    (@roberthemsing)

    Hi @shameemreza

    I looked into the specific link that was provided in the Events Manager diagnostics notification. – See below.

    https://[siteurl].com.au/checkout/order-received/6568/?key=removed&utm_nooverride=removed&PayerID=removed&st=removed&tx=removed&cc=removed&amt=removed&cm=removed&payer_email=removed&payer_id=removed&payer_status=removed&first_name=removed&last_name=removed&address_name=removed&address_street=removed&address_city=removed&address_state=removed&address_country_code=removed&address_zip=removed&residence_country=removed&txn_id=removed&mc_currency=removed&mc_fee=removed&mc_gross=removed&protection_eligibility=removed&payment_fee=removed&payment_gross=removed&payment_status=removed&payment_type=removed&handling_amount=removed&shipping=removed&item_name1=removed&item_number1=removed&quantity1=removed&mc_gross_1=removed&tax1=removed&num_cart_items=removed&txn_type=removed&payment_date=removed&receiver_id=removed&notify_version=removed&custom=removed&invoice=removed&verify_sign=removed&filteredParams=_removed

    When using the normal credit card checkout there were no added URL parameters however it seems that PayPal adds additional parameters to the order-received redirect link. In PayPal Sandbox mode it didn’t redirect to the website automatically and when I redirected the URL only looked like the below without any sensitive information in it:

    https://[siteurl].com.au/checkout/order-received/6573/?key=wc_order_yYmi4TgYsX6SW&utm_nooverride=1&PayerID=PKTPW6LFHJWZ2

    I’m honestly not sure how to battle this one because I can’t replicate a redirect that includes all the personal information as URL parameters but it seems the issue – at least for this particular client – only occurs with PayPal payments? Is there a way to tweak your plugin to hash the info? Or is it best to reach out to the PayPal plugin developers to see if they can tweak anything?

    Plugin Support Shameem R. a11n

    (@shameemreza)

    Hi @roberthemsing

    Is there a way to tweak your plugin to hash the info?

    While it seems like a good idea, but I’m not sure if it’s feasible or if it will solve the problem. You may need to reach out to a developer for further assistance.

    But remember, it would be best to fix the source of the issue before making changes to the plugin.

    Or is it best to reach out to the PayPal plugin developers to see if they can tweak anything?

    Since the problem appears to be related to the PayPal plugin, I recommend reaching out to the PayPal plugin developers for further assistance. They should be able to help you understand why these additional parameters are being added and how to prevent it.

    Please feel free to ask if you have any other questions or concerns.

    Hi ?? We haven’t heard back from you in a while, so I’m going to mark this as resolved – we’ll be here if and/or when you are ready to continue.

Viewing 4 replies - 1 through 4 (of 4 total)
  • You must be logged in to reply to this topic.