Our Privacy Progress and the Path Ahead

Two years ago, we announced our plans to fundamentally shift our approach to protecting people’s privacy. Today, I’d like to share the continued progress we’ve made by publishing a new Privacy Progress Update that provides our most detailed look to date at the work we’re doing to embed privacy into all facets of our company and the investments we’re making to keep improving our privacy technology and practices. You may have seen some of these updates in the form of new privacy tools and controls in our apps. Others are less obvious, like the ways we’ve created a cultural shift to make privacy a core responsibility of everyone at Facebook. With today’s update, we’re bringing all of this together to make it easier to understand the details of our privacy approach.

As Chief Privacy Officer, Product at Facebook, my job is to oversee our company-wide privacy program and make sure that we respect and honor people’s privacy in everything that we do. This work includes standing up new governance and oversight mechanisms, implementing new processes to identify and address privacy risks, and changing the way we build privacy into our products. We’re also making technical improvements to our tools and systems in order to scale privacy effectively. I’m confident that this new way of working will give us the structure we need to continue innovating on our privacy approach and laying a foundation for the future.

Transparency About Our Privacy Efforts

Being accountable also means being transparent, which is why we’re sharing a more comprehensive look at the changes we’re making to our privacy approach. Our new Privacy Progress Update dives deeper into how we’ve designed our privacy program to scale and evolve over time. To enable the key components of this work, we have a cross-functional group of teams from engineering, legal, policy, compliance and product disciplines that are dedicated to designing and implementing our privacy program. On top of that, every person working at our company — from our CEO and executives, to engineers on each of our apps and sales and business functions across the globe — has a role to play in supporting privacy. 

It’s important that our privacy program translates into how we engineer and build our products and services. To achieve this, we’ve designed processes and technical mechanisms that embed privacy into all aspects of our company operations. Examples of this include Privacy Review, which has guided us to design with privacy in mind when creating experiences like new ephemeral messaging options and ensuring age-appropriate experiences for youth. It also includes efforts like incident management, third party oversight and our work on external data misuse like data scraping. 

As an example of our new approach to privacy, throughout the COVID-19 pandemic we’ve focused on empowering experts and partners in the public health space with data to help track the spread of the virus and inform response efforts, while protecting people’s privacy. Our privacy program helps ensure every new product or feature built to support pandemic efforts is done with privacy in mind, meaning it has the appropriate tools and processes in place to help address potential risks and protect people’s information. 

Another key part of our overall program is embedding privacy into the technical fabric of our company. While we still have a lot of work left to do, we’re creating sustainable technical solutions to meet evolving privacy expectations and ensure consistent application of our privacy requirements across our products and systems. This is a company-wide undertaking that will likely take years to fully accomplish, but we believe it’s an important investment in the future of privacy at Facebook.

Continued Expansion of Privacy Tools and Controls

Even as we focus on designing privacy into our products and making smart privacy decisions through Privacy Review, it’s also our responsibility to make sure everyone understands the privacy tools available to them to control their data. With that in mind, over the past year we’ve made several updates to make our privacy tools more intuitive and easier to navigate. We’ve also built new controls, including additional ways to access your information, manage your activity and control features that work across our apps in Accounts Center

In addition to accessing and managing how your information is used across our apps, we’ve also introduced new ways to move your data from one service to another through advancements in data portability. We announced a new photo and video transfer tool allowing you to share your data with other apps and services like Google Photos, Dropbox, Koofr and Backblaze. And we’re expanding our data portability partnerships to include Google Docs, WordPress and Blogger so people will be able to transfer their notes and posts. We hope this tool empowers people to take control of their data and encourages the creation of updated rules around data portability by lawmakers. We look forward to working with more experts and companies to expand the scope of what you can move between platforms.

An Ongoing Dialogue

Our Chief Privacy Officer for Policy, Erin Egan, who leads our public policy work on privacy, and her team have always engaged with experts in the privacy space to help guide us, and we’re going to continue seeking their feedback to improve our privacy program. As just one new example of this partnership with the privacy community, she recently started a video series of conversations around critical privacy policy issues with external privacy experts including Bojana Bellamy of the Centre for Information Policy Leadership, Alex Givens, President and CEO of the Center for Democracy and Technology, and Jules Polonetsky of the Future of Privacy Forum. Privacy policy is complex and technological advancements mean change is a constant, so we are looking to privacy experts to help guide the way forward for companies like ours.

We also continue to support updating the rules of the internet, including a comprehensive federal privacy law in the US that harmonizes with existing frameworks globally and further solidifies the rights of consumers and the responsibilities of companies. Our work to engage constructively with policymakers and experts on regulation is ongoing, as we’ve demonstrated with data portability and privacy legislation

Our privacy work is ongoing. While we’ve made significant investments over the past two years, we’ll continue to refine our practices and improve our tools as expectations change and technology advances. We’ll continue to share our progress on our Privacy Matters page to provide transparency into the work that we’re doing and the investments we’re making to protect people’s privacy, and we’ll encourage conversations about where we go from here.