From a legal perspective here are a few heads up…..
Facebook’s ability to share personal data depends on whether it has done the following:-
It must comply with the Data Protection Act 1988, which implements the EU Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data (Data Protection Directive)…..no idea how long this will drag on based on BREXIT. It needs to be aware of any Data Sharing Code and other specific good practice guidance.
Consider specific legal and regulatory requirements, for example, the Privacy and Electronic Communications (EC Directive) Regulations 2003 (SI 2003/2426) as amended by the Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011 (SI 2011/1208) (Privacy Regulations)
Comply with relevant professional guidance and voluntary industry codes.
Presumably Facebook is in compliance but it is a mammoth task and often many fail to adhere…..