The policy states that Meta uses inferred sensitive attributes including religious views, political views, and health information in its advertising systems, describing the use as exclusionary rather than directly targeting on those bases, though the policy acknowledges these attributes inform ad delivery.
This analysis describes what Meta Ads's agreement states, permits, or reserves. It does not constitute a legal determination about enforceability. Regulatory applicability and practical outcomes may vary by jurisdiction, enforcement context, and individual circumstances. Read our methodology
This provision discloses that sensitive personal data categories are processed within Meta's advertising infrastructure. The distinction between 'exclusionary' and 'targeting' use of special category data may require evaluation under GDPR Article 9, which restricts processing of such data regardless of the direction of its application in ad delivery.
Interpretive note: The policy's distinction between 'exclusionary' and 'direct targeting' use of sensitive attributes is operationally ambiguous and the GDPR Article 9 compliance implications of this distinction depend on regulatory interpretation and enforcement posture.
The updated Privacy Policy no longer explicitly directs US residents to the United States Regional Privacy Notice, which previously provided details about consumer privacy rights available under state laws like the California Consumer Privacy Act and similar regulations. This removal does not eliminate those rights themselves, but it makes the Privacy Policy less clear about where consumers can find information on how to exercise those rights. Consumers can still locate the Regional Privacy Notice through Meta's website or by searching for it directly, but the removal reduces the accessibility and prominence of that guidance within the primary policy document.
View change record →This clause establishes that Meta's systems process inferred information about a user's religious views, political views, and health as part of ad delivery, even if the stated purpose is to avoid showing certain sensitive ads rather than to serve them.
How other platforms handle this
We may display advertisements on our Services and those advertisements may be targeted to your interests based on your personal information. We may share your personal information with advertising partners for interest-based advertising purposes. You may opt out of interest-based advertising by visi...
src="https://trc.taboola.com/1142432/trc/3/json" ... src="https://www.googletagmanager.com/gtag/js?id=DC-15299257" ... src="https://tr.snapchat.com/config/com/af90c7f8-bd28-4988-b1ce-1711aad792f4.js" ... src="https://tr.snapchat.com/config/com/8fbe1595-8c5a-46b1-bbb2-66f3d57debde.js" ... src="https:...
At Ledger, earning and maintaining our users' trust is a top priority. That's why we are deeply committed not only to protecting your privacy and securing your personal data, but also to being fully transparent about how we handle it.
Monitoring
Meta Ads has changed this document before.
Receive same-day alerts, structured change summaries, and monitoring for up to 25 platforms.
"We use information about you including your religious views, political views, or health to provide you with ads. We don't use special category information to target ads directly based on these topics, but we do use this information to make sure we don't show you ads that might be sensitive given this information.— Excerpt from Meta Ads's Meta Privacy Policy
(1) REGULATORY LANDSCAPE: GDPR Article 9 prohibits processing of special categories of personal data (including data revealing political opinions, religious beliefs, and health data) without explicit consent or another enumerated exception. The Irish DPC and other EU supervisory authorities have issued guidance and enforcement actions concerning the processing of special category data in advertising contexts. The policy's framing of this processing as 'exclusionary' does not eliminate the Article 9 analysis, as processing of special category data occurs regardless of the operational direction. (2) GOVERNANCE EXPOSURE: High. The use of health, religious, and political inferences within advertising systems is among the most regulated data processing activities under GDPR and is subject to heightened scrutiny. The policy's assertion that this does not constitute 'direct targeting' on these bases may not fully resolve the Article 9 compliance question. (3) JURISDICTION FLAGS: EU and EEA users have the greatest exposure given GDPR Article 9 restrictions. The UK GDPR imposes equivalent requirements. US users have fewer statutory protections for sensitive inference data outside of California, though the FTC has increasingly scrutinized sensitive data practices. (4) CONTRACT AND VENDOR IMPLICATIONS: Advertisers using Meta's platform should be aware that their campaign delivery may be informed by sensitive attribute inferences about their audience, which may create obligations under their own privacy disclosures to end users. (5) COMPLIANCE CONSIDERATIONS: DPOs operating in EU jurisdictions should assess whether the legal basis for sensitive attribute processing within Meta's ad systems is adequate under GDPR Article 9, and whether any separate consent mechanism or legitimate interest assessment has been published by Meta in relation to this specific processing activity. California compliance teams should evaluate whether sensitive personal information opt-out rights under CPRA apply to this inference and use practice.
Full compliance analysis
Regulatory citations, enforcement risk, and due diligence action items.
Free: track 1 platform + weekly digest. Monitor: 25 platforms + same-day alerts. No credit card required.
Compliance Governance Intelligence
Need to monitor specific governance provisions?
Compliance includes provision-level monitoring, governance timelines, regulatory mapping, and audit-ready analysis.
Built from archived source documents, structured governance mappings, and historical version tracking.
This provision discloses that sensitive personal data categories are processed within Meta's advertising infrastructure. The distinction between 'exclusionary' and 'targeting' use of special category data may require evaluation under GDPR Article 9, which restricts processing of such data regardless of the direction of its application in ad delivery.
This clause establishes that Meta's systems process inferred information about a user's religious views, political views, and health as part of ad delivery, even if the stated purpose is to avoid showing certain sensitive ads rather than to serve them.
No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by Meta Ads.