- Domain
- Data Privacy
- When I worked on it
- 2018—2021
- Companies
- Meta, Walmart
- Topics
- consent, privacy settings, purpose limitation, data subject requests (DSR, DSAR, access, deletion), third-party data sharing, age-appropriate design, age assurance/verification, parental consent and controls, privacy impact assessments (PIA), profiling, advertising
- Regulations
- GDPR (EU), CCPA (California), LGPD (Brazil), POPIA (South Africa), Age Appropriate Design Code (UK), Fundamentals for a Child-Oriented Approach to Data Processing (EU), COPPA (USA)
3 years
Expertise
- Data Subject Requests (DSR): Privacy rights fulfillment, including identity verification, data platform orchestration to enable access and deletion requests, and identity resolution to ensure the right data is shown or deleted
- Consent: Evaluation of consent practices and establishment of UX standards
- Data Sharing: Standardization of third-party data sharing practices across products, developer APIs, and marketing systems
- Purpose Limitation: Data platform standards, controls, and operations to limit data use based on regulatory goals and user consent/settings
- Children's Privacy: Under 18 and under 13 issues, age verification, default settings, parental consent and controls, and age-appropriate personalization and ad targeting
Global Data Privacy @ Meta
From 2020-2021 as a PM Lead at Meta, I co-led a new "privacy regulatory readiness" team formed to systematically address upcoming global privacy regulation and evolving user expectations. I crafted complex product strategies and programs touching all products (Facebook, Instagram, Messenger, Oculus, WhatsApp) with approvals rising to the Chief Privacy Officer and division heads. Challenges leveraged all of my product management and legal background, including a mix of customer-facing and platform work.
Consent UX Standards
I led an effort to evaluate consent practices across 300+ touchpoints in our products and adopt user experience design standards to address potential dark patterns. As with many of our privacy initiatives, this involved extensive cross-organizational and cross-functional alignment. We socialized and iterated on standards, inventoried and evaluated consent flows against those standards, rolled out education and review process to ensure new consents followed the standards, and drove a multi-year plan to update existing consents.
Data Sharing
I led an effort to ensure we do not "sell data" under CCPA. We evaluated third-party data sharing practices across marketing systems, developer APIs, product experiences, and outside research programs, and drove alignment on product strategies and timelines to meet compliance goals. I also initiated a project to automate additional submission of users' data privacy requests to Meta to our third-party data processors where required by regulation.
Children's Privacy
I led a privacy products team to partner across the company in standing up a 200+ person initiative to make platform and UX changes to address upcoming global youth (typically meaning under 18) regulation such as the Age Appropriate Design Code (UK) and parental consent/control provisions in various countries' privacy laws. I worked with a cross-functional team to triage potential obligations, proposed product strategies and owners, and drove or facilitated roadmaps for Facebook, Instagram, Oculus, and WhatsApp. I contributed to product strategies and driving outcomes across the initiative, including:
- AI/ML-based age modeling
- Stricter default settings
- Parental consent and oversight of minor use of our apps
- What happens what minor users become adults
- Privacy education
- Significant limits on ad targeting and personalization
- Restricting use of minor data across systems
- Ensuring our public youth data commitments are backed by strong platform controls
- Assessment of AI/ML-based recommendation systems
Feedback:
- “His collaborative spirit has made Youth Privacy the most enjoyable project I've been on at Facebook.” –Ads PM
- “Sets a positive culture based on collaboration and praise. Unflappable in the face of complex, contentious topics. Pushes through to solutions that work for all parties. A real joy to work with.” –Instagram PM Manager
- “Has the unusual quality of marrying a great deal of openness with willingness to lead from the front.” –Director, Data Privacy Strategy
Some of our work has been shared publicly:
- AI/ML-based age modeling
- Stricter default settings, safety and mental health nudges, and limited recommendations
- 2021-03 Restricting DMs between teens and adults they don't follow, and prompting teens to be cautious
- 2021-07 Defaulting under 16s into private accounts
- 2021-12 "Take a break" reminders, nudge to try different topics, no tagging or mentioning teens who don't follow
- 2022-06 Updates to "Take a break" reminders and nudges to try different topics
- 2022-06 Sensitive Content Control and prompts to update safety and privacy settings
- Removal of ad targeting options
- Parental controls and education
- Parental consent flows released to signup for Facebook or Instagram in selected regulated countries
- 2022-03 Family Center and Parental Supervision Tools + Education Hub (alt)
- 2022-06 Parental supervision tools for Oculus Quest and Instagram
- 2022-09 Global rollout of supervision tools on Instagram (time spent, limits, notify of reports, see connected accounts)
Selected Deck Screenshots
CCPA Program @ Walmart
From 2018-2020 as a Director at Walmart in Marketing Technology, I led 7 PMs and 60+ cross-functional partners to build and drive cross-company value from a Customer Data Platform (CDP). See CDP Portfolio for more details.
In 2019, I led our team to play a central role in providing identity resolution and orchestration capabilities underpinning CCPA access, deletion, and opt-out requests.