We've made significant strides in enhancing our Privacy Review process through technology investment. Specifically, we’ve introduced a product-level decision framework that has improved consistency and standardization across our reviews. This framework has enabled us to automate and streamline the review process by leveraging past reviews on similar projects, and embed privacy controls directly into our engineering tools. These changes have enabled us to review over 1,400 launches monthly while maintaining consistent privacy standards.

We continue to advance and build our privacy-aware infrastructure— innovative and efficient constructs embedded in Meta infrastructure solutions that enable engineers to more easily address complex privacy requirements as they build products. Privacy-aware infrastructure embeds privacy rules directly into code, helping ensure requirements are automatically respected. For example, we built Policy Zones that apply across our infrastructure to address restrictions on data, such as using it only for allowed purposes, providing strong guarantees for limiting the purposes of its processing. PAI continues to be crucial in enforcing complex purpose limitation scenarios while ensuring scalability, reliability, and a streamlined developer experience.

We’re proactively reducing the amount of user data that we collect and use by deploying innovative tools and technology across Meta. We continue to invest in privacy-enhancing technologies (PETs)—technologies based on advanced cryptographic and statistical techniques that help to minimize the data we collect, process and use and have been working to open source this work in cases where useful for the broader ecosystem, including on PETs for AI through PyTorch. Additionally, our investments in PETs helped enable a new cryptographic security feature on WhatsApp that helps to verify that your connection and conversation is secure based on key transparency. This feature reduces the possibility of a third party impersonating the person or business a user wants to connect and share encrypted messages with, by checking the validity of public keys in the conversation against a server-side directory that stores public keys with user information and then providing a publicly available, privacy-preserving audit record for anyone to verify that data has not been deleted or modified in the directory.

Similarly, we developed a framework for code and asset removal which guides engineers through deprecating a product safely and efficiently. Deprecating products is a complex feat involving internal and external dependencies, including dependencies on other Meta products that may not themselves be in scope for removal. To address this, our Systematic Code and Asset Removal Framework (SCARF) includes a workflow management tool that saves engineers time by identifying dependencies as well as the correct order of tasks for cleaning up a product. In addition, SCARF includes subsystems for safely removing dead code as well as unused data types.

SCARF powers thousands of human-led deprecation projects alongside the millions of code and data assets it has cleaned automatically. It is additionally useful for our privacy teams, who use the tool to monitor progress of ongoing product deprecations and ensure that they are completed in a timely manner.

Since 2016, personal conversations on WhatsApp have been protected by end-to-end encryption, which means no one outside of a user’s chats, not even WhatsApp or Meta, can read or listen to them. In 2023, we began to roll out default end-to-end encryption for all personal one-to-one chats and calls on Messenger, making them even more private and secure. This ensures that no one sees your messages except you and who you’re chatting with.

This has taken years to deliver because we’ve taken the time to get it right. Our engineers, cryptographers, designers, policy experts and product managers have worked tirelessly to rebuild Messenger features from the ground up. Enabling end-to-end encryption on Messenger meant fundamentally rebuilding many aspects of the application protocols to improve privacy, security, and safety while simultaneously maintaining the features that have made Messenger so popular. Our approach was to leverage prior learnings from both WhatsApp and Messenger’s Secret Conversations (Messenger’s early optional end-to-end encryption offering), and then iterate on our most challenging problems like muti-device capability, feature support, message history, and web support. Along the way, we introduced new privacy, safety and control features like app lock and delivery controls that let people choose who can message them, while improving existing safety features like report, block and message requests. On WhatsApp, where all personal chats and calls are end-to-end encrypted by default, we launched a novel encrypted storage system, built using WhatsApp’s Auditable Key Directory, that gives users the ability to securely save and restore their WhatsApp contacts.

At its core, end-to-end encryption is about protecting people’s communications, so they can feel safe expressing themselves with their friends and loved ones. We worked closely with outside experts, academics, advocates and governments to identify risks and build mitigations to ensure that privacy and safety go hand-in-hand. We commissioned an independent human rights impact assessment and designed our products to prevent harm by design, offered robust user controls and invested in proactively identifying abuse.

Ray-Ban Meta glasses let you snap a photo or record a video from your unique point of view, listen to music or take a call—all without having to pull out your phone. Ray-Ban Meta glasses have been redesigned with a higher quality camera, improved audio and microphone systems, and new features, such as livestreaming and built-in Meta AI, so you don’t have to choose between capturing the moment and experiencing it.

Ray-Ban Meta glasses were built with privacy at their core, and serve as a clear proofpoint of our commitment to responsible innovation and privacy by design. We’ve incorporated stakeholder feedback—which we obtained early on from the moment we launched Ray-Ban Stories—in meaningful and tangible ways.

• The capture LED is now more noticeable and visible with a differentiated signaling pattern—solid to blinking—for longer-duration capture (video recording, live streaming).
• We also introduced a tamper detection feature to prevent users from recording while the capture LED is fully covered. If the capture LED is fully obscured, the user will not be able to utilize the camera and will be notified to remove the obfuscation before proceeding.
• The Meta View companion app continues to provide easy access to privacy settings to manage information and additional data sharing with Meta.

We launched Instagram Teen Accounts, a new experience for teens, guided by parents. Teen Accounts will also be coming to other Meta platforms. Teen Accounts have built-in protections which limit who can contact teens and the content they see. Teens will automatically be placed into Teen Accounts, and teens under 16 will need a parent’s permission to change any of the default built-in protections to be less strict.

• Private accounts: Default private accounts for teens under 16, requiring them to accept new followers. With default private accounts, teens need to accept new followers and people who don’t follow them can’t see their content or interact with them.
• Messaging restrictions: Teens are placed into the strictest messaging settings and can only be messaged by people they follow or are already connected to.
• Sensitive content restrictions: Teens are automatically placed in the most restrictive setting for sensitive content control, which limits the type of sensitive content teens see in places like Explore and Reels.
• Limited interactions: Teens can only be tagged or mentioned by people they follow.

Supervision Features for Parents: While parents can’t read their teen’s messages, they can see who their teen has messaged in the past seven days.

More details available here.

We launched new generative AI features, including AI stickers, image editing with AI, our AI assistant known as Meta AI spanning across our apps, and 28 new AI characters. We've updated the Privacy Center guide on Generative AI and other transparency resources so people have information on how we build our AI models, how our features work, and what options and privacy data rights they have in their region.

Our “Why am I seeing this?” tool continues to help people understand why they’re seeing the ads they do on Facebook and Instagram feeds. One key update was summarizing information into topics about how activity both on and off our technologies—such as liking a post on a friend’s Facebook page or visiting a sports website—may inform the machine learning models we use to shape and deliver the ads seen. We also introduced new examples and illustrations explaining how our machine learning models connect various topics to show relevant ads. Additionally, we introduced more ways for users to find our ads controls, providing the availability to access Ads Preferences from additional pages in the “Why am I seeing this ad?” tool.

Meta Content Library and Content Library API are research tools that provide qualified individuals with access to publicly-available content from Facebook, Instagram and Threads. Individuals can search, explore and filter the data on both a graphical user interface or through a programmatic API.

Accessible data includes posts from Facebook Pages, groups, events, and profiles, posts from Instagram accounts and posts from Threads profiles. Details about the content, such as the number of reactions, shares, comments and post view counts are available as well.

Meta partnered with the Inter-university Consortium for Political and Social Research (ICPSR) at the University of Michigan to share public data from Meta technologies in a responsible, privacy-preserving way. This partnership is enabled through ICPSR’s industry-leading Social Media Archive (SOMAR) initiative. SOMAR independently processes and reviews applications for access to Meta Content Library and Content Library API.

Our work to communicate transparently includes providing external education to improve people’s understanding and awareness of our practices and ensuring information is accessible and easy to find.

• Privacy Policy, which details how we collect, use, share, retain, and transfer information, as well as what rights and controls people have over their privacy.
• Privacy Center, where people can go to better understand our practices so they can make informed decisions about their privacy in a way that is right for them. Through education and access to privacy and security controls, we address some of the most common privacy concerns from the billions of people who spend their time with us everyday. Privacy Center has several modules, including sharing, collection, use, security, youth, generative AI, and ads, to directly connect an issue or concern with the relevant privacy and security controls we’ve built across our apps and services over the years.
• Data and Privacy Section of Newsroom, where we provide more information about how we’ve approached privacy in the context of particular features or issues.

To provide greater transparency and control to people, we’ve developed a number of privacy tools for people to understand what they share and how their information is used including:

• Privacy Checkup: Guides people through important privacy and security settings on Facebook to help strengthen account security and manage who can see what they share and how their information is used. Privacy Checkup has five distinct topics to help people control who can see what they share, how their information is used and how to strengthen their account security.
  • Who Can See What You Share helps people review who can see their profile information, like their phone number and email address, as well as their posts.
  • How to Keep Your Account Secure helps people strengthen their account security by setting a stronger password and turning on two-factor authentication.
  • How People Can Find You on Facebook lets people review ways in which people can look you up on Facebook and who can send you friend requests.
  • Your Data Settings on Facebook lets people review the information they share with apps they’ve logged into with Facebook. They can also remove the apps they no longer use.
  • Your Ad Preferences on Facebook provides information about how ads work on our Products, lets people decide what profile info advertisers can use to show them ads, and lets them control who can see their social interactions, like likes, alongside ads.
• Manage Activity: Allows people to manage posts in bulk with filters to help you sort and find the content they are looking for, like posts with specific people or from a specific date range. It also includes a deletion control that provides a more permanent option, so people can move old posts in bulk to the trash. After 30 days, posts sent to the trash will be deleted, unless they choose to manually delete or restore them before then.
• Accounts Center: Accounts Center is a place to help people manage connected experiences and change account settings across their Facebook, Instagram and Meta accounts. People can choose to add Facebook, Instagram and Meta accounts to the same Accounts Center, enabling them to:
  • Manage connected experiences across the accounts in the same Accounts Center, such as sharing posts or stories to multiple profiles at once, and logging in across accounts. Learn more.
  • Manage individual settings for each account in Accounts Center, such as personal details, password & security, and your information & permissions. Learn more.
    • Download Your Information and Access Your Information: Within Accounts Center settings, Meta provides tools to make people’s information on our products useful and easy to find, such as Activity Log, Access Your Information, and Download Your Information). In an effort to continually enhance these tools, in February 2024, we began including Data Logs in Download Your Information, which provide people more data about how they use our products. Data Logs include things like information about content they've viewed on Facebook, interactions off of Meta technologies and things we’ve recommended based on their activity.
  • Manage settings across all accounts at once if they are in the same Accounts Center, such as ad preferences and activity off-Meta technologies (which provides a summary of activity that businesses and organizations share with us about people’s interactions, such as visiting their apps or websites, and gives people the option to disconnect their past activity from their account). Learn more.
• Meta Quest and Meta Horizon:
  • Privacy settings: You can choose how social you want to be and how your information is shared with others through your privacy settings. The privacy settings that you choose on Meta Quest or the Meta Horizon app will be the same ones that you have on Worlds. You can manage your settings in the Meta Horizon app and on Meta Quest. You can make your Meta Horizon profile public or private, your Active Status allows you to control whether to share when you're online or were recently online, and Hide app activity lets you hide your activity for specific apps. Social privacy settings on Meta Horizon OS are simple and easily accessible from Quest’s settings controls or Worlds’ settings controls.
  • Sensor Lock For Quest: The new sensor lock feature cuts power to your headset’s external cameras and microphones in certain situations, like when the headset goes to sleep. And those sensors will stay powered off until you physically press the headset’s power button—so you stay in control. Sensor lock started as an optional feature on Quest 3 and will be included in all future models. Prior Quest devices turn off external cameras and microphones in software instead of being powered off directly.
  • Parent-managed Accounts: Parents can set up parent-managed Meta accounts for 10-12 year olds (ages may vary), allowing preteens to access a vast array of engaging and educational content in VR – with age-appropriate protections built specifically for them.