Get consent, full opt-in. I think most people just do a "do you accept this page uses cookies? Yes, No, Read more" and on the read more page you specify what you use the cookies for, and how you interact with Facebook.
Simply, you first present the user with a dialog asking them for approval to track them, (and you have to make that explicit), and only once given approval, you actually load the tracking code from Facebook, and interact with their third-party cookies.
If the user says no, well, just redirect to Google, or something – but you can’t load or set that tracking data before the user has clicked "Yes, I agree", and you can’t hide the fact that users are actively tracked in the ToS or somewhere.
If you don’t care about breaking european law, you can just leave the tracking there, never asking the user, but, well, you’re breaking european law then.
Has anyone actually been prosecuted for this? I can imagine that in Germany they might follow up on this but elsewhere in Europe I see plenty of sites not informing users.
Actually, yes. And, yes, it was in Germany. And it was in fact for using Facebook tracking pixels and "like" buttons by large newspapers.
Which is why every newspaper then switched to "2-click Like", where the Facebook button is first shown in grey, you click it, it loads the actual button, and you can like.