8 Total
4 High severity
4 Medium severity
0 Low severity
Summary

This is Meta's unified Privacy Policy covering how Meta collects and uses personal data across Facebook, Instagram, Messenger, WhatsApp, and Meta Quest. The policy states that Meta collects location data, device identifiers, browsing and app activity on third-party sites via tools like Meta Pixel, transaction data, camera and microphone data, and inferences about political views, religion, and health, and uses this information to serve personalized advertising across Meta's family of products. The policy also states that Meta shares user data with advertisers, measurement partners, third-party app developers, and 'data providers' (described as companies that supply additional information to supplement Meta's own data), and combines information across all Meta-owned products for these purposes.

Technical / Legal Breakdown

This document is Meta's Privacy Policy governing the collection, use, and sharing of personal data across Meta's family of products including Facebook, Instagram, Messenger, WhatsApp, and associated third-party integrations, with Meta Platforms, Inc. (for US users) and Meta Platforms Ireland Limited (for users elsewhere) identified as the data controllers. The policy states that Meta collects identifiers, device and browser information, location data, content and communications, activity data across Meta products and third-party sites and apps, transaction information, camera and microphone data, and inferred attributes including political views, religious beliefs, and health information for purposes including personalized advertising, product development, safety, and measurement.

The policy authorizes cross-product data combination across Facebook, Instagram, WhatsApp, Messenger, and Meta Quest, as well as sharing with advertisers, measurement partners, third-party apps, data brokers described as 'data providers,' and entities in the Meta corporate family; the breadth of sensitive inferred data use for ad targeting and the cross-context behavioral tracking across third-party sites and apps via Meta Pixel and similar tools are operationally distinct from policies that limit such practices.

The policy engages GDPR and the UK GDPR for European and UK users, the CCPA and CPRA for California residents, and general FTC Act consumer protection standards applicable in the United States; the document identifies legitimate interests and contractual necessity as legal bases alongside consent in certain contexts, and the applicability of specific rights such as opt-out of data sale or sharing, right to deletion, and right to restrict processing depends heavily on the user's jurisdiction. The policy states that users in the EU, UK, and certain other regions have additional rights including data portability, objection to processing, and lodging complaints with supervisory authorities, while users outside those jurisdictions operate under fewer explicit statutory protections as reflected in the document.

5 important changes detected

6 versions captured · Last updated: May 2026

What changed: Meta updated its privacy policy on May 5, 2026 with primarily editorial and formatting changes. The company changed terminology from 'Privacy Center' to 'Privacy Centre', updated phrasing like 'our Products' to 'our products', and rewrote some sentences for clarity (for example, 'How long do we keep your information?' became 'How long do we keep your information for?'). These appear to be style, localization, and grammatical refinements rather than substantive changes to how Meta collects, uses, or shares your data.

Why this matters: The detected changes are primarily editorial refinements and terminology updates (such as 'Privacy Center' to 'Privacy Centre' and grammatical rewording) rather than substantive modifications to Meta's data collection, use, or sharing practices. The policy's core commitments and your rights under it remain unaffected by these updates. No action is required in response to this specific change.
What changed: Meta removed a reference to the United States Regional Privacy Notice from its Privacy Policy on April 21, 2026, streamlining the header section. The policy no longer explicitly directs US residents to that separate document for details about their consumer privacy rights. This makes the primary Privacy Policy less clear about where to find information on exercising rights under US state privacy laws.

Why this matters: The updated Privacy Policy no longer explicitly directs US residents to the United States Regional Privacy Notice, which previously provided details about consumer privacy rights available under state laws like the California Consumer Privacy Act and similar regulations. This removal does not eliminate those rights themselves, but it makes the Privacy Policy less clear about where consumers can find information on how to exercise those rights. Consumers can still locate the Regional Privacy Notice through Meta's website or by searching for it directly, but the removal reduces the accessibility and prominence of that guidance within the primary policy document.

April 19, 2026 · low

Meta Ads restructured their privacy policy on April 19, 2026 by adding 219 new sentences and reorganizing the document with a clearer table of contents. The policy now includes distinct …

April 18, 2026 · low

Meta Ads updated its Privacy Policy on April 18, 2026 by adding nine new section headings that organize how it collects, uses, shares, and manages user data. The policy previously …

March 11, 2026 · low

Meta updated the title of its privacy policy on March 11, 2026, changing an en dash to a hyphen in the document header. The substantive content and disclosures about how …


Recent Provision Changes · Apr 19, 2026

10 provisions unchanged.

High — 4 provisions
Medium — 4 provisions

Monitoring

Meta Ads has updated this document before.

Mapped Governance Frameworks

CCPA/CPRA (California, USA)
Connecticut Data Privacy Act Amendments (US-CT)
CAN-SPAM (United States Federal)
DMA (European Union)
FTC Act Section 5 (United States Federal)
GDPR (European Union)
Indiana Consumer Data Protection Act (US-IN)
Kentucky Consumer Data Protection Act (US-KY)
Universal Opt-Out Mechanism Expansion 2026 (US)
VPPA (United States Federal)

Archival Provenance: Source & Archival Record
Last Captured: May 5, 2026 06:36 UTC
Capture Method: Automated scheduled archival capture
Document ID: CA-D-000021
Version ID: CA-V-002145
SHA-256: 50b6218559a3c08c1f56cc69d78b5a5cda74e53fe43fc612433df5ac94a0ae9d
✓ Snapshot stored ✓ Text extracted ✓ Change verified ✓ Hash verified
