10 Total
8 High severity
2 Medium severity
0 Low severity
Summary

This is Meta's privacy policy covering how Facebook, Instagram, Messenger, and related apps collect and use your personal information. The most important thing to know is that Meta tracks your activity both on and off its platforms — including websites and apps you use that have nothing to do with Meta — to build a detailed advertising profile that includes inferred characteristics like your political views, religion, and health interests. You can limit some ad targeting by going to your Facebook or Instagram settings under 'Ad preferences' and adjusting off-Facebook activity controls, though this does not stop all data collection.

Technical Summary

This document is Meta's unified Privacy Policy governing data collection, processing, and sharing across Facebook, Instagram, Messenger, WhatsApp, and other Meta Products, with legal bases including consent, legitimate interests, and contractual necessity under GDPR and equivalent frameworks. The policy creates obligations for Meta to provide transparency and user controls, while simultaneously authorizing extensive data collection across behavioral, relational, location, device, and inferred-characteristic categories to support targeted advertising as Meta's primary commercial activity. Notably, Meta explicitly claims the right to collect data about non-users ('people who haven't created a Meta account') through off-platform activity tracking, and to use facial recognition-equivalent technologies and derive sensitive inferences (political views, health, religion) from user activity without requiring explicit consent for inference derivation. The policy engages GDPR (EU) 2016/679, UK GDPR, CCPA/CPRA (Cal. Civ. Code §1798.100 et seq.), COPPA (15 U.S.C. §6501), and sectoral frameworks across multiple jurisdictions; material compliance considerations include the adequacy of consent mechanisms for sensitive data processing, the lawfulness of legitimate interests assertions for advertising profiling, and ongoing regulatory scrutiny from the Irish Data Protection Commission, FTC, and state attorneys general.

Institutional Analysis

REGULATORY EXPOSURE: This policy implicates GDPR (EU) 2016/679 Arts. 5, 6, 9, 13, 17, 22 (enforced by the Irish Data Protection Commission as lead supervisory authority, with cooperation from all EU DPAs); UK GDPR and Data Protection Act 2018 (ICO); CCPA/CPRA Cal. Civ. Code §§1798.100–1798.199 (enf…

Evidence Provenance
Captured: March 11, 2026 06:00 UTC
Document ID: CA-D-000021
Version ID: CA-V-000075
SHA-256: b4b7e5d469d94bff30c4034ac6fe09bf6647a22f657eaf855603b9be8c70b77a
✓ Snapshot stored ✓ Text extracted ✓ Change verified ✓ Cryptographically signed
Change Timeline
Analyzed Changes

1 change analyzed since monitoring began.

What changed: Meta updated its Meta Privacy Policy on March 11, 2026. Change detected: 1 sentence modified. The document contained 1 sentence after the update.
Consumer impact: Meta's Privacy Policy was updated on March 11, 2026, but the change is purely cosmetic: an em dash in the title was replaced with a hyphen. This has no effect on how Meta collects, uses, or shares your personal data. No action is needed in response to this change.
Why it matters: This change does not matter in any substantive way. It is a single punctuation character update in the policy title. No data rights or practices were affected.
High Severity — 8 provisions
Medium Severity — 2 provisions