In May 2026, ConductAtlas detected two significant changes to Meta’s privacy policy within days of each other. The first removed 438 sentences from the main privacy policy document. The second added 656 sentences detailing expanded data collection, third-party sharing, and international transfer practices. Together, these changes represent the most substantial restructuring of Meta’s privacy framework since the company rebranded from Facebook in 2021.
The restructuring coincides with growing controversy over Meta’s use of AI chat interactions for advertising. Privacy advocates and regulators have criticized the company for using conversations with Meta AI, the generative AI assistant available across Facebook, Instagram, and WhatsApp, to train advertising algorithms and personalize ad targeting.
This analysis is based on verified policy captures from ConductAtlas, which monitors Meta’s Privacy Policy, Terms of Service, Platform Policy, and Advertising Policies across both Meta and Meta Ads entities. Every claim below links to the archived provision with original clause language.
What Disappeared
The first change ConductAtlas detected was the removal of 438 sentences from Meta’s privacy policy. This is not a routine edit. For context, many complete privacy policies contain fewer than 438 sentences total.
| Consumer Rights | Explicit US consumer rights disclosures removed from main policy, relocated to separate Regional Privacy Notice |
| Policy Structure | Single comprehensive document fragmented into multiple cross-referenced policies |
| Data Collection | 656 sentences added detailing expanded collection, usage, sharing, retention, and international transfers |
| AI Processing | AI chat interactions now explicitly feed advertising personalization and content recommendation systems |
| Dispute Resolution | Shifted consumer disputes to home country courts while reserving California jurisdiction for Meta |
| Notice Period | Added 30-day advance notice requirement for future policy changes |
The removed content included specific language about how US residents could exercise privacy rights under state laws including CCPA and CPRA. This language was not deleted entirely. It was relocated to a new document called the US Regional Privacy Notice, which users must now find and read separately. The practical effect is that protections that were previously visible in the main privacy policy are now one click further away, behind a document most users will never discover.
AI Chat Data and Advertising
The most controversial aspect of Meta’s 2026 policy changes is the explicit use of AI chat interactions for advertising. When you ask Meta AI for a restaurant recommendation on Instagram, discuss travel plans on WhatsApp, or get recipe suggestions on Facebook, the updated policy authorizes the use of those interactions in the algorithms that determine what ads you see.
Meta frames this as delivering more relevant experiences. The Electronic Privacy Information Center and similar organizations have filed complaints with regulatory bodies, arguing that using conversational AI data for ad targeting raises consent and transparency concerns distinct from standard social media data processing.
The distinction matters because people interact with AI assistants differently than they browse social media. Conversations tend to be more personal, more specific, and more revealing of intent. A user who asks Meta AI about symptoms of a medical condition or discusses financial difficulties is generating data with a fundamentally different privacy expectation than someone scrolling a news feed.
The Fragmentation Problem
Before these changes, Meta maintained a single comprehensive privacy policy that covered data practices across its products. The restructured approach splits this into multiple documents: the main privacy policy, the US Regional Privacy Notice, the Privacy Center, product-specific data policies, and advertising policies.
Fragmentation serves a legitimate organizational purpose. Different jurisdictions have different requirements, and separating regional disclosures can improve clarity for users in specific locations. However, it also makes it harder for users, researchers, journalists, and regulators to get a complete picture of Meta’s data practices from a single source.
ConductAtlas monitors all four Meta documents precisely because fragmented policies require cross-referencing to understand the full scope of data processing. When a disclosure disappears from one document, it matters whether it reappeared somewhere else or simply vanished.
What Was Added
The second major change was the addition of 656 sentences to the privacy policy. This update added detailed language covering data collection practices, usage purposes, third-party sharing arrangements, retention periods, international transfer mechanisms, and legal compliance frameworks.
On its face, adding disclosure language sounds like a transparency improvement. The reality is more nuanced. Much of the added language expands the scope of what Meta claims the right to do with user data. New data collection categories, new sharing arrangements, new retention justifications, and new processing purposes all expand Meta’s operational flexibility while technically increasing disclosure.
This pattern, relocating consumer rights disclosures while adding broader processing terms, is one ConductAtlas tracks across platforms. The net effect may be an expansion of the agreement’s operational scope even as the total volume of disclosure language increases.
Regulatory Context
Meta faces regulatory pressure from multiple directions in 2026. In the EU, GDPR enforcement continues to intensify, with the Irish DPC handling multiple open investigations into Meta’s data practices. The EDPB has issued guidance on AI-powered advertising that specifically addresses the type of data processing Meta’s new policy describes.
In the United States, 20 states now have comprehensive privacy laws in effect. California’s CCPA/CPRA framework gives residents specific rights regarding automated decision-making technology, and new regulations taking effect in 2026 require risk assessments for AI-powered processing activities. Meta’s restructuring of consumer rights disclosures into a separate document raises questions about whether the company is meeting the spirit of these transparency requirements.
The FTC retains broad authority under Section 5 of the FTC Act and has signaled continued interest in AI-powered advertising practices. Meta’s previous $5 billion FTC settlement in 2019 included specific requirements around privacy governance that remain in effect.
What You Can Do
On each Meta platform (Facebook, Instagram, WhatsApp), go to Settings, then Privacy, then AI Data to see what controls are available.
Visit Meta’s Ad Preferences page to review and modify how your data is used for advertising. This does not stop all data collection but can limit some targeting.
If you are a US resident, the new US Regional Privacy Notice contains consumer rights disclosures that were previously in the main privacy policy.
Under GDPR, CCPA, and most state privacy laws, you have the right to access the personal data Meta holds about you. Submit a data access request through your account settings.
Meta’s privacy policy has undergone two major restructurings in a single month. ConductAtlas tracks all Meta documents and archives every detected change with version history and provision-level analysis.
Why Companies Fragment Privacy Policies
Splitting a single privacy policy into multiple regional and product-specific documents is an increasingly common practice among large technology platforms. There are legitimate reasons for this approach: different jurisdictions impose different requirements, and a single global document can become unwieldy.
However, fragmentation can also make comprehensive analysis more difficult for regulators, journalists, and researchers. Changes to one document may not draw attention to related changes across the full policy ecosystem. And increased disclosure volume does not necessarily translate to increased practical accessibility for users.
ConductAtlas tracks fragmented policy ecosystems by monitoring all related documents and cross-referencing changes. When sentences disappear from one Meta document and new ones appear in another, our archive captures both events and their relationship.
Primary Sources
Meta Privacy Policy (archived by ConductAtlas, updated May 2026)
Meta Terms of Service (archived by ConductAtlas)
Meta Platform Policy (archived by ConductAtlas)
Meta Advertising Policies (archived by ConductAtlas)
This analysis is based on 82 high-severity provisions across 4 monitored Meta documents. Every claim links to the provision page with original clause language and full version history.