This requirement is mandatory when you want to make your app public and have the app featured in the App Store of Facebook or whenever your app requests information from users, i.e. the Sign-in with Facebook.
When you use the APIs from Facebook, you’re requesting personal information from users through Facebook. This triggers a number of laws aimed at protecting personal information, including the General Data Protection Regulation (GDPR).
Because you collect personal information from Facebook users, you’re not only required to have this legal agreement for your Facebook app, but also have it for your website, mobile app, and so on.