Third Party Websites and Applications Privacy Impact Assessment

  • Date: 09/07/2016
  • OPDIV: CMS
  • TPWA Unique Identifier (UID):
  • Tool(s) covered by this TPWA: Facebook Ads
  • Is this a new TPWA? Yes.
    • If an existing TPWA, please provide the reason for revision: Not applicable (N/A).
  • Will the use of a third party Website or application create a new or modify an existing HHS/OPDIV System of Records Notice (SORN) under the Privacy Act? No.
    • If yes, indicate the SORN number (or identify plans to put one in place.): N/A because CMS is not collecting or storing any personally identifiable information (PII).
  • Will the use of a third party Website or application create an information collection subject to OMB clearance under the Paperwork Reduction Act (PRA)? No.
    • If yes, indicate the OMB approval number and approval number expiration date (or describe the plans to obtain OMB clearance.)
    • OMB Approval Number: N/A.
    • Expiration Date: N/A.
  • Does the third party Website or application contain Federal Records? No.
  • Describe the specific purpose for the OPDIV use of the third party Website or application:
    CMS will use Facebook Ads to deploy digital display ads and video ads across the Facebook platform to consumers. Facebook is a free social networking site that allows Facebook registered users to create profiles, upload photos and videos, send messages, and keep in touch with the people in their social network. CMS maintains an educational presence on Facebook in the form of a HealthCare.gov branded page. To learn more about privacy related to the social networking uses of Facebook and the HealthCare.gov branded page, visit http://www.hhs.gov/pia/index.html#Third-Party.

    Facebook Ads places a cookie or pixel (also known as a web beacon) for conversion tracking on certain pages of CMS’s website (e.g. HealthCare.gov). Conversion tracking allows Facebook Ads to measure the performance of CMS advertisements based on consumer activity and to report the ad performance to CMS. Conversion tracking reports inform the advertiser whether consumers who view or interact with an ad later visit a particular site or perform desired actions on that site. Facebook Ads will then provide CMS with summary-level conversion tracking reports that contain no personal information about consumers. These reports will allow CMS to measure how effective Facebook advertisements are for CMS’s digital advertising outreach and education efforts.

    Facebook visitors, even if not registered with Facebook, will see advertising on the Facebook platform, regardless of whether they have “liked”, “shared”, commented on, or visited any CMS branded Facebook page. However, registered users may see ads that are targeted to them based, in part, on information these users have shared through their Facebook profile. Visitors not registered with Facebook may see ads based on different criteria, such as websites they have previously visited or the specific page they are looking at on Facebook. CMS will also use Facebook Ads for retargeting, an advertising technique used by online advertisers to present ads to users who have previously visited a particular site.
  • Have the third-party privacy policies been reviewed to evaluate any risks and to determine whether the Website or application is appropriate for OPDIV use? Yes, and the review has determined that the application is appropriate for OPDIV use, taking into account the risks posed by the following: use of cookies, web beacons, and pixels for targeted advertising based on sensitive information; targeting, retargeting and conversion tracking based on Facebook profile information; and Facebook profile information leading to identification of CMS website visitors.
  • Describe alternative means by which the public can obtain comparable information or services if they choose not to use the third party Website or application: If consumers do not want to interact with advertisements from Facebook Ads, consumers can learn about CMS campaigns through other advertising channels such as TV, radio, CMS websites, and in-person assisters and events.
  • Does the third party Website or application have appropriate branding to distinguish the OPDIV activities from those of nongovernmental actors? Yes. Facebook Ads appear within the Facebook platform and are accompanied by Facebook branding.
  • How does the public navigate to the third party Website or application from the OPDIV? N/A.
    • Please describe how the public navigates to the third party Website or application: N/A.
    • If the public navigates to the third party Website or application via an external hyperlink, is there an alert to notify the public that they are being directed to a nongovernmental Website? N/A.
  • Has the OPDIV Privacy Policy been updated to describe the use of a third party Website or application? Yes.
  • Is an OPDIV Privacy Notice posted on the third party Website or application? N/A. Facebook Ads does not provide the ability to place a privacy notice within an ad on the Facebook platform.
    • Confirm that the Privacy Notice contains all of the following elements: (i) An explanation that the Website or application is not government-owned or government-operated; (ii) An indication of whether and how the OPDIV will maintain, use, or share PII that becomes available; (iii) An explanation that by using the third-party Website or application to communicate with the OPDIV, individuals may be providing nongovernmental third-parties with access to PII; (iv) A link to the official OPDIV Website; and (v) A link to the OPDIV Privacy Policy: N/A.
    • Is the OPDIV's Privacy Notice prominently displayed at all locations on the third party Website or application where the public might make PII available? N/A.
  • Is PII collected by the OPDIV from the third party Website or application? No.
  • Will the third party Website or application make PII available to the OPDIV? No.
  • Describe the PII that will be collected by the OPDIV from the third-party Website or application and/or the PII which the public could make available to the OPDIV through the use of the third-party Website or application and the intended or expected use of the PII: CMS does not receive any PII through its use of Facebook Ads.
  • Describe the type of PII from the third party Website or application that will be shared, with whom the PII will be shared, and the purpose of the information sharing: Facebook Ads does not share any PII with CMS.
    • If PII is shared, how are the risks of sharing PII mitigated? N/A.
  • Will the PII from the third party Website or application be maintained by the OPDIV? N/A.
    • If PII will be maintained, indicate how long the PII will be maintained: N/A.
  • Describe how PII that is used or maintained will be secured: N/A. CMS does not receive, use, or maintain PII from Facebook Ads.
  • What other privacy risks exist and how will they be mitigated? CMS will conduct periodic reviews of Facebook’s privacy policy to ensure its policies continue to align with agency objectives and privacy policies and do not present unreasonable or unmitigated risks to user privacy. CMS employs Facebook Ads solely for the purposes of improving CMS services and activities online.

    Visitors will see advertising when they visit the Facebook platform, whether or not they are registered with Facebook. However, registered users may see ads that are targeted to them based, in part, on information these registered users have shared through their Facebook profile such as their declared interests, age, city and state of residence, or life events they share. Visitors who are not registered with Facebook may see ads based on different criteria, such as websites they have previously visited or the specific page they are looking at on Facebook. The privacy risks described below primarily apply to registered Facebook users, who are viewing ads targeted to them based, in part, on their profile information and behaviors on the Facebook platform.

    Use of Cookies, Web Beacons, and Pixels for Targeted Advertising Based on Sensitive Information

    Potential Risk:
    The use of cookies, web beacons, and pixels generally presents the risk that an application could collect information about a user’s activity on the Internet that could be used for purposes not intended by the user. These purposes include providing users with targeted advertising based on information the individual user may consider sensitive, including information about the webpages a consumer visited both outside and within the Facebook platform.

    Additional Background:
    Facebook Ads collects non-personally identifiable information by placing a cookie or pixel (also known as a web beacon) on CMS’s pages. A web pixel (or web beacon) is a transparent graphic image (usually 1 pixel x 1 pixel) placed on a web page in combination with, or separate from, a cookie and allows CMS to collect information regarding the use of the web page that contains these technologies. A cookie is a small text file stored on a user’s computer that allows the site to recognize the user and keep track of preferences. These technologies are used for conversion tracking on certain pages of CMS’s website (e.g. HealthCare.gov). This allows Facebook Ads to measure the performance of CMS advertisements and to report the ad performance to CMS, for example, by reporting whether consumers who view or interact with an ad later visit a particular site or perform desired actions on that site.

    CMS advertising displayed through the Facebook platform will carry persistent cookies that enable CMS to display advertising to individuals who have previously visited the CMS website. (Persistent cookies are stored on a user’s hard drive for some period of time.) In this instance, the persistent cookie will be stored on the user’s computer for up to 90 days, unless removed by the user.

    Mitigation:
    Both CMS sites and Facebook provide users information about the use of persistent cookies, the information collected about them, and the data gathering choices they have in their website privacy policies.

    When a user is routed to a CMS site by clicking on a CMS advertisement displayed through Facebook, and the Tealium iQ Privacy Manager is present on the CMS site, users are able to control which cookies they want to accept from the CMS site. Tealium iQ Privacy Manager is a tool that keeps track of users’ preferences in reference to tracking and will prevent web beacons from firing when a user has opted out of tracking for advertising purposes. Tealium iQ Privacy Manager can be accessed through information provided in the privacy policy on webpages where Tealium iQ Privacy Manager is deployed. Tealium iQ Privacy Manager can also be accessed within the CMS privacy policy by clicking on the large green button “Modify Privacy Options” that turns off the sharing of data for advertising purposes.

    The ability to control which cookies users want to accept from a CMS site is only valid when Tealium iQ Privacy Manager is installed on the specific CMS website. For example, when users are routed to CMS sites without Tealium iQ Privacy Manager, and do not wish to have cookies placed on their computers, the user can disable cookies through their web browser. Separately, CMS includes the Digital Advertising Alliance AdChoices icon on all targeted digital advertising. The AdChoices icon is an industry standard tool that, like the Tealium iQ Privacy Manager, allows users to opt out of being tracked for advertising purposes.

    Facebook offers users the ability to opt out of Facebook advertising cookies through the following processes:
    • Facebook members can choose to opt out of tracking on third party sites by adjusting their advertising preferences in their Facebook account. This is the most persistent method of opting out.
    • Opt out options on websites of industry self-regulation programs in which Facebook participates, including the Digital Advertising Alliance, offer users notice about the use of persistent cookies and related techniques.
    • Facebook honors all “Limit Ad Tracking” settings on mobile devices.
    • Facebook Ads provides a link on all advertising that provides members with an option to opt out of tracking. On all ads, users have the ability to:
      • “Hide this ad”: If a user chooses this, the user will not see the ad again. This is specific to the ad ID within the campaign only;
      • “Hide all ads”: If a user chooses this, the user will not see ads from that advertiser on Facebook. The option hides/blocks all ads from either the subdomain (e.g., www.healthcare.gov) or the page (e.g., www.facebook.com/healthcare.gov);
      • “Why am I seeing this ad?” Redirects the user to their Ad Preferences.

    Targeting, Retargeting and Conversion Tracking Based on Facebook Profile Information

    Potential Risk:
    Facebook Ads targets consumers based on information voluntarily provided within the user’s registered profiles. Facebook Ads uses data derived from user profile information, aggregated by Facebook, combined with information about a user’s behavior across multiple sites and over time. The resulting combined information could be viewed by some consumers as revealing patterns in behavior that the user may not want to disclose to Facebook Ads or its advertising clients. These patterns in behavior could enable and/or improve targeting by other advertisers who may wish to target customers within the health care sector, including targeting based on the type of data that some consumers may consider to be sensitive.

    Additional Background:
    Third party data targeting allows for the deployment of ads to consumers whose profiles or on-site actions (e.g., “likes” of specific pages or brand posts) match specific attributes an online advertiser is looking to target. Retargeting is an advertising technique used by online advertisers to present ads to users who have previously visited a particular site. Conversion tracking allows advertisers to measure the impact of their advertisements by tracking whether users who view or interact with an ad later visit a particular site or perform desired actions on such site, such as signing up for a program or requesting further information. CMS will engage Facebook Ads to use these advertising techniques to deliver CMS digital advertising to persons who are more likely to be interested in CMS advertising content. However, Facebook Ads will not share any PII with CMS from the utilization of these tactics.

    Engaging an ad service like Facebook Ads that uses third party data targeting, retargeting, and conversion tracking will enable CMS to improve the efficiency of its ads by delivering them to persons most likely to be interested in the ad content. It will also enable CMS to provide further information to consumers who have previously visited a CMS website, such as deadlines, new developments, or reminders to complete a survey.

    Mitigation:
    Although Facebook Ads will have information on users who visited a CMS web site through the cookies and web beacons placed within CMS digital advertising content, Facebook Ads will not use the patterns in behavior detected by these tools to enable or improve targeting by other advertisers who may wish to target solely users who visited a CMS website and may be interested in issues surrounding health care or CMS programs. Instead, Facebook Ads collects aggregate level “interaction” data to identify consumers that are most likely to interact with an ad from a specific industry (e.g., health insurance) for the purposes of improving the ability of advertisers to reach consumers who are more likely to interact with their advertising. Facebook Ads does not allow for the targeting of only consumers who have specifically interacted with an ad from CMS. CMS receives an aggregated performance report from Facebook Ads to optimize its ads.

    Both CMS sites and Facebook provide users information about the use of persistent cookies, the information collected about them, and the data gathering choices they have in their website privacy policies.

    When a user is routed to a CMS site by clicking on a CMS advertisement displayed through Facebook Ads, and the Tealium iQ Privacy Manager is present on the CMS site, users are able to control which cookies they want to accept from the CMS site. Tealium iQ Privacy Manager is a tool that keeps track of users’ preferences in reference to tracking and will prevent web beacons from firing when a user has opted out of tracking for advertising purposes. Tealium iQ Privacy Manager can be accessed through information provided in the privacy policy on webpages where Tealium iQ Privacy Manager is deployed. Tealium iQ Privacy Manager can also be accessed within the CMS privacy policy by clicking on the large green button “Modify Privacy Options” that turns off any sharing of data for advertising.

    The ability to control which cookies users want to accept from a CMS site is only valid when Tealium iQ Privacy Manager is installed on the specific CMS website. For example, when users are routed to CMS sites without Tealium iQ Privacy Manager, and do not wish to have cookies placed on their computers, the user can disable cookies through their web browser. Separately, CMS includes the Digital Advertising Alliance AdChoices icon on all targeted digital advertising and advertising that is subject to conversion tracking. The AdChoices icon is an industry standard tool that, like the Tealium iQ Privacy Manager, allows users to opt out of being tracked for advertising purposes.

    Facebook offers users the ability to opt out of Facebook Ad Services advertising cookies through the processes listed above under the “Persistent Cookies & Web Beacon” section. 

    Facebook Profile Information Leading To Identification of CMS Website Visitors

    Potential Risk:
    Facebook’s access to both personally identifiable and non-personally identifiable data about registered Facebook users presents the risk that CMS site visitors who are also registered Facebook users could be identified, and Facebook could misuse that data about these users.

    Mitigation:
    CMS does not receive any personally identifiable information from Facebook Ads. CMS receives aggregated performance data in the form of statistical reports, including reports on clicks, views, and impressions (exposure to an advertisement) of CMS digital advertising, that are made available to CMS managers who implement CMS programs, members of the CMS communications and web teams, and other designated federal staff and contractors who need this information to perform their duties.

    Facebook Ads provides information on the types of information collected about users in its privacy policy, as well as choices with respect to such information collection or how it is used. Users can opt out of this tracking through the processes listed above under the “Persistent Cookies & Web Beacon” section.
Content created by Assistant Secretary for Administration (ASA)
Content last reviewed on October 18, 2016