Meta rewrites the privacy policy, but the contents and complexities haven’t changed

Meta is making changes, yet again, to how the privacy policy as well as the terms of service, are presented to users. This will include social media platforms such as Facebook as well as Instagram. The revised privacy policy as well as an updated Privacy Center, Meta said, have been developed after feedback from users. Meta insists that the updated policy doesn’t give the tech giant any additional rights over user data, which is indicative that no new elements, including data collection or data sharing, have been added to the policy and terms of use this time around.

This is mostly an exercise to include Meta’s newer products and services (such as Shops and Facebook View), and simplify the language for anyone who wants to read through a privacy policy document. “While the text looks different in many places, Meta is not collecting, using or sharing your data in new ways based on this policy update and we still do not sell your information,” says Michel Protti, chief privacy officer, Product at Meta, in a statement.

More clarity about your data, where it is shared and why?

Meta has included more details about the types of third- parties with whom user data is shared and the subsequent information received, while also explaining the reasons for user information being shared across Meta’s products. This leads to details about how the user data is then used to offer personalised experiences across Meta’s apps. The company insists the rewritten privacy policy is adding more details and examples about the data practices since the last update.

To be sure, what Meta is now calling “Privacy Policy”, was earlier known as “Data Policy”. The contents and ambit remain largely similar.

The reworded and restructured privacy policy will link closely with the updated Privacy Center settings, with quicker access to controls that you’ll be able to toggle or reconfigure as you decipher the policy. Basically, it has been designed to no longer be just a large chunk of plain text, instead offering an intuitive format. The contents and scope do not change for Meta, and it doesn’t change for users either. Except quicker access to tools and options to have better control over a user’s own data.

The updated Meta Privacy Policy, for the time being, covers Facebook, Instagram as well as Messenger, as the highlights. The apps and services that the rewritten privacy policy doesn’t cover include WhatsApp, Workplace, Free Basics, Messenger Kids, or the use of Quest devices without a Facebook account. These platforms have their own privacy policies governing usage.

Meta confirms that the rewritten privacy policy comes into effect from July 26, while users will start to receive notifications (these may be within the Facebook app or land in your email inbox) about the new update in the coming days and weeks. Users don’t have to accept or deny – these notifications are just for-your-information about the rewritten privacy policy and the new tools that are now available. At the same time, the Terms of Service are also being updated.

Simplified, but complexities remain

The new privacy policy may have been rewritten and reworked to be easier to read and understand. Yet, the very structure of how Meta operates the business, and the complexity of the layers, is quite apparent the moment you’d start to dig deeper. This is particularly true for data collection. A simple illustration – start with the “What kinds of information do we collect?” section and within that, the “Information from partners” subsection.

This takes you to a section, “How does Meta work with data providers?” wherein you’ll be informed that Meta and Facebook don’t work with third-party data providers (something that was discontinued a few years ago). But hang on for a moment. “Businesses may continue, on their own, to work with data providers. Many businesses today work with third parties to help manage and understand their marketing efforts,” said Meta’s policy.

While Facebook and indeed Meta may have streamlined the data collection habits over time (regulatory pressure or the mandatory need for consent in some instances), there is still very much the chance of your data changing hands multiple times (again, might be without your consent at all) once it gets out of Meta’s territory and scope of permissions. Businesses that are using your data, can then go ahead to process it further to be able to offer targeted advertising.

Privacy Controls updated, this time for everyone

The updated Privacy Center controls will now allow users to opt out of certain ad categories, a new addition to the Ad Topics and Interest Categories controls which were consolidated in November last. Categories that you choose or opt out of, will impact the advertisements you see on Facebook as well as Instagram. More ad topics are being added to the list.

Meta began rolling out the Privacy Center earlier this year, which initially was limited to a set of users in the US (and limited to the desktop version, at the time), with a wider rollout subsequently. These controls will now be available to all users, irrespective of whether they access Facebook using the mobile web, desktop, iPhone app, or the Android app. If you haven’t already, we suggest glancing through your Facebook account settings just to see what data is being shared, and if there are any changes, you’d want to make to the advertising preferences too.

Facebook is immediately offering new audience controls for all posts you make on the platform. As a user, you’ll now be able to select a permanent setting for the default audience for your posts (with the ability to make one-off changes for certain posts too) – the choices will continue to be Public, Friends and Friends except…, and the one you select will be the default setting for all posts you make after that. So far, this default audience choice for posts matched whichever audience a user chose for the most recent post.

Regaining trust?

Meta has had a tough time of late, particularly with a trust deficit that has stemmed from what was at one point, absolutely opaque data collection policies for tracking and serving targeted advertising to users. A testament to that fact has been the success of Apple’s App Tracking Transparency (ATT) feature for iPhone, which allows users to opt out of being tracked by apps (such as Facebook and Instagram, but not restricted to just that) across the world wide web and other apps.

ATT prevents any app or platform from collecting data it can share with advertisers to send out personalized ads, something many platforms including Facebook had been doing for years without taking any consent from users. Till ATT arrived, users had no option to opt out or stop apps from tracking their usage. Earlier this year, Google also confirmed it is taking the first steps towards what it calls a Privacy Sandbox for Android phones, something that’s expected to work like Apple’s ATT, allowing users the option of consenting to, or opting out of being tracked for ads.

“With Apple’s iOS changes and new regulations in Europe, there is a clear trend where less data is available to deliver personalised ads. But people still want to see relevant ads, and businesses still want to reach the right customers,” said Mark Zuckerberg, CEO, in the earnings call for the previous quarter.

Data released earlier this year by analytics firm Flurry, which surveyed 5.3 million iPhones updated with iOS 14.5 or later (that’s when Apple’s ATT was rolled out early last year), indicates the monthly opt-in rate to stop apps tracking users is 24% globally. Meta believes that ATT’s impact will be to the tune of a $10 billion headwind on Meta’s advertising business through this year.

Data by AppFlyer, an online analytics firm, indicates that 46% of all iPhone users worldwide, who saw an ATT prompt on their phone for any app they used, opted out of being tracked. In India, the overall opt-out rate across all apps among iPhone users is 48% while it is 35% specifically for social media apps.

The need for rewrites

Meta, and indeed specifically for Facebook and Instagram, need to get on the right side of the regulators too. The European Union’s upcoming Digital Services Act (DSA) will clamp down heavily on what can and cannot be used for targeted advertising. There also must be complete disclosure about the ads being served. “Meaningful information about advertising and targeted ads: who sponsored the ad, how and why it targets a user,” says the text of the DSA.

In the US, regulators are pushing for the proposed legislation, called Competition and Transparency in Digital Advertising Act, which will force tech giants including Meta and Google, to break up their advertising businesses, and to eliminate the dominance which gives these companies an advantage in their other businesses.