Today, we’re sharing some of the changes we’ve made to our privacy approach over the past year and examples of how we’re operating differently to ensure we protect people’s privacy. We’re laying a foundation for the future by changing the way we build products, setting new levels of accountability and ensuring privacy is everyone’s responsibility at Facebook.
Proof Is in the Products
Over the past several months, we’ve made changes to Public Groups and built new products like Shops on Facebook and Instagram, Facebook Campus and Accounts Center. Thanks to effective collaboration across multiple teams at Facebook, these products all succeed in giving people the best experience, while also honoring their privacy. This is made possible by our revamped Privacy Review process, which helps ensure every new product or feature is built with privacy in mind, meaning it has the appropriate tools and processes in place to help address potential risks and protect people’s information.
This privacy-first approach applies to all aspects of our work across Facebook. For example, during the COVID-19 pandemic we’ve worked quickly to support small businesses as well as health researchers and academics without compromising on any safeguards when it comes to privacy.
When launching our small business grant program in Europe, we worked with grant administrators and partners to build the right safeguards to honor legal obligations around proper data use. We used our Privacy Review process to limit our use of the data provided for these grants. This delayed the launch of the program until we were able to validate the appropriate safeguards, but it was important for us to get this right before moving forward.
We also worked quickly to design and build tools for health researchers like the Symptom Survey. We designed this tool with strong privacy considerations, and it works by connecting people to the survey on Facebook, and then directing them off-platform to complete the survey on a site hosted by our academic partners. As part of the privacy considerations, researchers don’t share survey responses with Facebook, instead, they aggregate the data and share it through a public API that everyone can access. By using our new privacy framework, we were able to provide researchers with a valuable tool for understanding the spread of the virus, while protecting people’s privacy.
We’re sharing this work in our Privacy Matters series, so that people can learn more about how we approach these kinds of questions, challenges and decisions. We’ve posted over two dozen times so far this year, outlining how we’re designing privacy into our products, as well as sharing details about privacy improvements and relevant policy developments like data portability and people-centered privacy design.
Making Privacy Part of Everyone’s Job
In April 2020, a federal court approved our agreement with the Federal Trade Commission (FTC). As part of the agreement, we formed a Privacy Committee of our Board of Directors; these independent directors, including Peggy Alford, Nancy Killefer (chair) and Robert M. Kimmitt, are responsible for overseeing risks related to privacy and data use. We also appointed an Independent Assessor to report on our compliance directly to this committee.
The agreement catalyzed a change in our company’s culture and our goal is to make privacy a core responsibility for every employee. From Privacy Review to our new risk assessments and privacy training, we’re starting to see a shift in our company’s culture, but we can’t rely on that alone. We’re also building technical privacy improvements across our infrastructure to ensure we’re implementing the decisions we make consistently.
And we’re continuing to invest in research and innovation that will help us build privacy-safe products and develop new ways to process data. We’ll continue working with policymakers, privacy experts and others on emerging privacy areas as we build solutions to ensure people feel safe and comfortable using our products.