Guidelines for Data Sharing

Ultimately, you are responsible for protecting your users' data privacy. That means it's up to you to ensure your third-party partners comply with Meta's requirements. To help you manage your partners and their sub-providers, Meta's Developer Data Use Policy or DDUP includes specific rules for data sharing.

This guide will help you follow those rules. But please note: This guide isn't exhaustive, and is not a replacement for reading and understanding the DDUP in full.

Stop Before You Share

Before you share data with any third party, ask: Does the third party with whom you share data…

• only access User Data to deliver a service they are contracted to?
• reasonably protect User Data, using at least the same standard of security practices as you?
• describe their incident report process in their terms of service?
• delete User Data when required under the terms outlined in the DDUP?

If any of these boxes are unchecked for any third parties with whom you share data, you have more work to do. Work with those third parties to get those commitments in writing, then be prepared to provide those documents to Meta if necessary.

Meta requires your third-party service providers to adhere to the same standards as you do. So, Meta evaluates those providers' adherence in the Data Protection Assessment (DPA). Once you feel confident that your third-party service providers meet Meta's requirements, use these steps to prepare to answer the corresponding questions in the DPA.

Disclaimer: This resource does not guarantee compliance with Meta policies, nor applicable data privacy laws. Review Meta Horizon's Developer Data Use Policy for a comprehensive overview of Meta's requirements.