META PLATFORMS, INC. AND THE EU-U.S. and SWISS-U.S. PRIVACY SHIELD
Meta Platforms, Inc. (“Meta”) has certified to the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework (collectively, “Privacy Shield Frameworks”) with the U.S. Department of Commerce regarding the collection and processing of personal data from our advertisers, customers, or business partners in the European Union, the United Kingdom, and, where a Swiss data controller uses Meta as a data processor, Switzerland (“Partners”), in connection with the products and services described in the Scope section below and in our certification, although Meta does not rely on the EU-U.S. Privacy Shield Framework for transfers of personal data in light of the judgment of the Court of Justice of the EU in Case C-311/18. To learn more about the Privacy Shield program please visit www.privacyshield.gov.
Scope: Meta adheres to the Privacy Shield Principles (as set out in each of the Privacy Shield Frameworks) for the following areas of our business (collectively the “Partner Services”):
  • Workplace: Workplace is a service that allows people to more effectively collaborate and share information at work. Partners (employers or organizations - the data controllers) may submit personal information about their members to Meta, with Facebook Ireland as the processor and Meta Platforms, Inc. as a sub-processor. While Partners and their members decide what information to submit, it typically includes things like business contacts, customer and employee information, employee-generated content and communications, and other information under the Partner’s control. For more information, members may contact the Partner through which they hold a Workplace account and review Workplace’s privacy policy.
  • Ads and Measurement: Meta offers Ads and Measurement products and through those services Meta may receive personal data from unaffiliated Partners (the data controllers) where Facebook Ireland is the processor and Meta Platforms, Inc. is a sub-processor. This includes things like contact information and information about individuals’ experiences or interactions with the Partners and their products, services, and ads. For more information about our ads and measurement products, visit our About Facebook Ads page and our Data Policy.
Meta uses the personal data provided by our Partners to provide Partner Services in accordance with the terms applicable to the relevant Partner Service and otherwise with the Partners’ instructions.
Choice. Under the Privacy Shield Principles, individuals have the right to opt out of (i) disclosures of their personal information to third parties; or (ii) uses of their personal information for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by the individual. As a data processor, Meta works with its Partners to ensure that individuals are offered appropriate choices applicable under the Privacy Shield Principles.
Access. Within the scope of our authorization to do so, and in accordance with our commitments under the Privacy Shield, Meta will work with its Partners to provide individuals access to personal data about them that Meta holds on behalf of its Partners. Meta also will take reasonable steps to enable individuals, either directly or in connection with the Partners, to correct, amend, or delete personal data that is demonstrated to be inaccurate.
Third Parties. Meta may transfer data within the Facebook family of companies and to third parties, including service providers and other partners. In accordance with the Privacy Shield Principles, Meta is liable for any processing of personal data by such third parties that is inconsistent with the Privacy Shield Principles unless Meta was not responsible for the event giving rise to any alleged damage.
Legal Requests. Personal data that is transferred to us by our Partners may be subject to disclosure pursuant to legal requests or other judicial and government process, such as subpoenas, warrants, or orders. For more information, review the “How do we respond to legal requests or prevent harm?” section of our Data Policy and the “Disclosure of information” section of the Workplace Privacy Policy.
Enforcement. Meta’s compliance with the Privacy Shield Principles is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.
Questions and Disputes. Please contact us with any questions or concerns relating to our Privacy Shield certification. You have the option to resolve any applicable disputes you have with us in connection with our certification through TRUSTe, an alternative dispute resolution provider based in the United States. You can contact TRUSTe through their website. In certain circumstances, the Privacy Shield Framework provides the right to invoke binding arbitration to resolve complaints not resolved by other means, as described in Annex I to the Privacy Shield Principles in each of the Privacy Shield Frameworks. Additionally, as part of the Privacy Shield Frameworks, the U.S. State Department Senior Coordinator serves as the Ombudsperson to facilitate the processing of requests relating to national security access to data transmitted from the EU and Switzerland (respectively) to the U.S.
For more information about Meta’s privacy practices please review our Data Policy.