What are the institutional and regulatory implications of this document?

1) REGULATORY LANDSCAPE: This policy directly engages GDPR (EU/EEA users, enforced by the Irish Data Protection Commission as lead supervisory authority and other EU DPAs), the UK GDPR (enforced by the ICO), CCPA and CPRA (California residents, enforced by the California Privacy Protection Agency and California AG), COPPA (minors under 13 in the US, enforced by the FTC), and the EU-U.S. Data Privacy Framework. The policy's assertion of legitimate interests as a legal basis for certain processin…

How does Meta Ads's Meta Privacy Policy affect users?

Meta's policy permits the company to collect data about users not just from their direct interactions with Facebook, Instagram, and Messenger, but also from third-party websites and apps that use Meta's business tools such as the Meta Pixel, creating a surveillance footprint that extends well beyond Meta's own platforms. This aggregated data is used primarily to power personalized advertising, meaning the profile Meta builds about you influences the ads you see across all Meta products. You can…

How often is Meta Ads's Meta Privacy Policy updated?

ConductAtlas monitors this document daily and captures every version with cryptographic hashing and timestamp verification. Update frequency varies — see the change timeline on this page for complete version history.

Can I get alerted when Meta Ads updates this document?

Yes. Watcher subscribers ($9.99/month) can add Meta Ads to their watchlist and receive same-day email alerts whenever this document or any other Meta Ads document changes.

CA-D-000021

Meta Privacy Policy

Meta Ads

Last change detected May 5, 2026 Privacy policy

SHA-256: 50b6218559a3c08c1f5… 6 versions captured 5 changes documented

Create free account

Track 1 platform and get the weekly governance digest. No credit card required.

View original document at Meta Ads ↗

This page describes what the document states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability may vary by jurisdiction. Methodology

8 Total

5 High severity

3 Medium severity

0 Low severity

Summary

This is Meta's privacy policy explaining how the company collects and uses your personal data across Facebook, Instagram, Messenger, and related apps. The most significant thing for everyday users is that Meta tracks your activity both on and off its platforms, including websites and apps you use outside of Facebook or Instagram, and combines all of that information to build a profile used to target you with ads. If you want to limit how your data is used for advertising, you can adjust your ad preferences and off-Facebook activity settings at facebook.com/settings.

Technical / Legal Breakdown

This document is Meta's Privacy Policy governing the collection, use, and sharing of personal data across Meta's family of products including Facebook, Instagram, Messenger, and affiliated services, with the stated legal basis varying by jurisdiction (consent, legitimate interests, and contractual necessity under GDPR for EU/EEA users, and broader implied consent frameworks for others). The policy asserts that Meta collects an extensive range of data categories including content users create, communications, activity across third-party sites and apps via Meta's tracking pixels and APIs, device and network identifiers, location data, biometric-adjacent signals, and inferences drawn about users' interests, behaviors, and characteristics. Notably, the policy states that Meta combines data across its entire product family and from off-platform third-party sources to build unified user profiles for advertising targeting purposes, a scope of cross-context data aggregation that, while disclosed, may require evaluation under GDPR's data minimization and purpose limitation principles and CCPA's cross-context behavioral advertising opt-out requirements. The policy engages GDPR, the EU-U.S. Data Privacy Framework, CCPA/CPRA, COPPA, and a range of national data protection laws; EU users retain rights to access, rectification, erasure, restriction, portability, and objection, while California residents have opt-out rights for sharing of personal information for cross-context behavioral advertising. Material compliance considerations include the adequacy of Meta's consent mechanisms for sensitive inferences, the robustness of its data retention justifications, and the operational implementation of user rights requests across its global infrastructure.

Institutional Analysis

Institutional analysis available with Professional

Regulatory exposure by statute, material risk assessment, vendor due diligence action items, and enforcement precedent. Available on Professional.

Start Professional free trial

5 important changes detected

6 versions captured · Last updated: May 2026

May 5, 2026

low

What changed Meta updated its privacy policy on May 5, 2026 with primarily editorial and formatting changes. The company changed terminology from 'Privacy Center' to 'Privacy Centre', updated phrasing like 'our Products' to 'our products', and rewrote some sentences for clarity (for example, 'How long do we keep your information?' became 'How long do we keep your information for?'). These appear to be style, localization, and grammatical refinements rather than substantive changes to how Meta collects, uses, or shares your data.

Why this matters The detected changes are primarily editorial refinements and terminology updates (such as 'Privacy Center' to 'Privacy Centre' and grammatical rewording) rather than substantive modifications to Meta's data collection, use, or sharing practices. The policy's core commitments and your rights under it remain unaffected by these updates. No action is required in response to this specific change.

View full change record →

April 21, 2026

medium

What changed Meta removed a reference to the United States Regional Privacy Notice from its Privacy Policy on April 21, 2026, streamlining the header section. The policy no longer explicitly directs US residents to that separate document for details about their consumer privacy rights. This makes the primary Privacy Policy less clear about where to find information on exercising rights under US state privacy laws.

Why this matters The updated Privacy Policy no longer explicitly directs US residents to the United States Regional Privacy Notice, which previously provided details about consumer privacy rights available under state laws like the California Consumer Privacy Act and similar regulations. This removal does not eliminate those rights themselves, but it makes the Privacy Policy less clear about where consumers can find information on how to exercise those rights. Consumers can still locate the Regional Privacy Notice through Meta's website or by searching for it directly, but the removal reduces the accessibility and prominence of that guidance within the primary policy document.

View full change record →

April 19, 2026 low

Meta Ads restructured their privacy policy on April 19, 2026 by adding 219 new sentences and reorganizing the document with a clearer table of contents. The policy now includes distinct …

View change record →

April 18, 2026 low

Meta Ads updated its Privacy Policy on April 18, 2026 by adding nine new section headings that organize how it collects, uses, shares, and manages user data. The policy previously …

View change record →

March 11, 2026 low

Meta updated the title of its privacy policy on March 11, 2026, changing an en dash to a hyphen in the document header. The substantive content and disclosures about how …

View change record →

Recent Provision Changes Apr 19, 2026

10 provisions unchanged.

View full change record →

High — 5 provisions

Off-Platform Activity Tracking Compare →

Meta collects data about what you do on other websites and apps, not just on Facebook or Instagram, including purchases and ad interactions, through its tracking tools like the Meta Pixel and from data broker partners.

Added April 3, 2026 Standard Seen across 251 platforms
Cross-Product Data Combination for Advertising Compare →

Meta combines data from all of its apps including Facebook, Instagram, and Messenger, across all your devices, as well as data from external partners, to build a unified profile used for advertising and other purposes.

Added May 10, 2026 Standard Seen across 189 platforms
Sensitive Data Collection and Inference Compare →

Meta may collect sensitive personal data categories such as health, religious beliefs, political views, and sexual orientation if you provide them, and may also draw inferences about these characteristics from other data it collects.

Added May 10, 2026 Standard Seen across 251 platforms
Data Sharing with Third-Party Partners Compare →

Meta shares your personal data with a wide range of third parties including advertisers, analytics partners, measurement companies, vendors, researchers, and law enforcement, for purposes including ad targeting, measurement, and safety.

Added May 10, 2026 Standard Seen across 246 platforms
Advertising Personalization and Targeting Compare →

Meta uses the data it collects about you across all its products, and allows advertising partners to layer in their own data about you, to decide which ads you see on Facebook, Instagram, and affiliated services.

Added May 10, 2026 Standard Seen across 189 platforms

Medium — 3 provisions

Data Retention Without Fixed Periods Compare →

Meta does not commit to specific time periods for how long it keeps your data, instead retaining information on a case-by-case basis for as long as it determines necessary for its products, services, or legal obligations.

Added May 10, 2026 Standard Seen across 223 platforms
User Rights and Control Mechanisms

Meta states that users can access, correct, export, or delete their data, object to processing, withdraw consent, and file complaints, with the specific rights available depending on the user's jurisdiction.

Added April 27, 2026 Rare
Minors and Age Protections Compare →

Meta states its products are not intended for children under 13 in the US (or a higher minimum age in some countries), and claims it does not knowingly collect data from children below the applicable minimum age.

Added May 10, 2026 Standard Seen across 262 platforms