Privacy Center
Leading 6 designers and federated design across Meta's Family of Apps to build a privacy platform from scratch
- Role
- Lead Product Designer (IC6)
- Timeline
- 2021–2023
- Focus
- Platform Design
- Scope
- Org Leadership
Role: Lead Product Designer (IC6) Team: 4 designers led, with XFN partners across Legal, Policy, Regulatory, Engineering, Research, and Comms Timeline: 2021–2023 Surfaces: Web + Native — Facebook, Instagram, Messenger, WhatsApp, and beyond
Executive Summary
Meta had no centralized place to communicate its privacy practices, own its narrative, or give people real agency over their data. Privacy settings were scattered across apps. Policy documentation was dense and disconnected. Privacy narratives existed largely in reactive Newsroom posts written under media scrutiny — not ahead of it.
I was brought in as the lead designer to build something that didn't exist yet. What started as a directive to create a privacy communications hub, I reframed as a platform problem: a narrative without utility only creates the perception of control. Real trust requires real control.
Over two years, I led the strategy, defined the product architecture, built and led a team of four designers, and developed the frameworks that governed how privacy products across Meta integrated into the platform. Privacy Center launched globally on Facebook in 2022, successfully absorbed Meta's Privacy Policy launch with minimal regulatory friction, and established the controls taxonomy and IA architecture that became company-wide standards.
The Problem
Privacy controls were fragmented across Meta's family of apps with no consistent logic, language, or access model. The Privacy Policy and Terms existed in isolation. Help articles referenced controls that were nearly impossible to find. There was no proactive infrastructure — just a reactive communications posture that left the company perpetually behind the news cycle.
Two audiences were failing simultaneously: privacy-aware users who wanted control but couldn't find it, and regulators under GDPR, the DMA, the FTC consent order, and the ePrivacy Directive who viewed the fragmentation itself as a transparency violation.
The hardest part wasn't building a surface. It was holding the tension between what leadership needed (narrative ownership), what users needed (genuine agency), and what regulators needed (demonstrable transparency) — and designing something that served all three without compromising any.
Strategic Framework
Foundation → Adapt → Transform
I developed a three-phase sequencing framework to align the organization, manage competing pressures, and give the initiative a credible long-range vision:
| Phase | Focus | Timeline |
|---|---|---|
| 01 — Foundation | Build the core platform. Address immediate regulatory pressures. Centralize existing privacy products. | 2022–2023 |
| 02 — Adapt | Scale through strategic partnerships. Build with the company, not just for users. Anticipate privacy implications of new product launches. | 2023–2025 |
| 03 — Transform | With trust established, envision proactive, personalized privacy as a product differentiator. | 2025+ |
This framework gave the organization a shared decision model: every request could be evaluated against which phase it belonged to, and whether we were ready for it. It protected foundational work from premature complexity and gave leadership a credible long-range vision to align around.
Prioritization on Three Axes
Rather than optimizing for a single stakeholder, I built a prioritization model that held three axes simultaneously: External Pressures (regulatory and media), Company Priorities (anticipating upcoming product launches), and User Needs (right information, right moment, right control). Most teams pick one. We held all three.
Platform Architecture
Reframing the Product
The earliest framing was "a privacy help center." I pushed back early. A help center is static and reactive. What we needed was a solutions surface — one that identifies privacy situations, maps them to relevant controls, and delivers those controls in context. This distinction had profound architectural consequences and ultimately determined the scope and ambition of everything that followed.
Altitudes & Groupings
I developed a meta-level IA framework defining where privacy products belong across Meta's ecosystem:
- Family Center — Parent/guardian level controls
- Accounts Center — Account-level settings for connected experiences
- Privacy Center — Situation-based solutions surface (app + account level)
- App Experiences — Privacy built directly into products
Critically, these surfaces are not mutually exclusive. A product can live in one or all of them. This framework became the standard evaluation model for every privacy product integration request across Meta.
The Controls Toolbox
Before anything could be centralized, I identified a foundational gap: there was no shared language for controls across Meta. I developed the Controls Toolbox — a taxonomy that defined the grammar of privacy controls:
- Setting → Control → Control Experience (core definitions)
- Grouping types: Centralization, Unification, Co-location, Consolidation
- Control Experience types: Links to Controls, Rendered-in-Place Controls, Consolidated Privacy Control
I also built the Contextualizing Controls Worksheet — a structured tool for partner teams to evaluate any new integration: identify the Privacy Situation, map entry points, determine which controls resolve it. This turned a complex design process into a repeatable methodology that teams across the company could use independently.
The Controls Toolbox was widely adopted as the standard framework for all privacy product integration evaluations at Meta.
What Shipped
- Global launch of Privacy Center on Facebook (web + native), addressing five core privacy concern areas plus a geo-gated Safety guide
- Privacy Policy integration — the updated policy launched inside Privacy Center with supplemental context and controls, resulting in significantly reduced regulatory scrutiny compared to previous policy launches
- Entry points scaled across the Family of Apps — FB, IG, Messenger, WhatsApp — establishing Privacy Center as the consistent privacy touchpoint in the Meta settings ecosystem
- Controls Toolbox and Altitudes framework adopted company-wide as the decision model and shared language for privacy product integration
Impact
User comprehension increased measurably. Research demonstrated significantly improved understanding of how Meta collects, uses, and stores data — validating the move from dense policy text to contextual, controls-forward education.
The Privacy Policy launch succeeded where previous ones hadn't. By providing supplemental context and controls alongside policy text, the update proceeded with substantially fewer regulatory challenges and public complaints — directly mitigating risk under GDPR and the ePrivacy Directive.
The frameworks outlasted the project. The Controls Toolbox taxonomy and Altitudes & Groupings model became foundational to how Meta's privacy organization evaluated new products — shifting the company from reactive mitigation to proactive compliance infrastructure.
Reflection
The highest-leverage work I did on this project wasn't a screen. It was building the frameworks, taxonomies, and decision models that allowed hundreds of people across a large, complex organization to move in a coherent direction. Design at platform scale is fundamentally an act of organizational design.
The hardest thing was operating at the intersection of institutional pressure and genuine user need without losing either — and doing so in a role that required me to hold IC, manager, strategist, and program lead simultaneously. The lesson I carry forward: the designer who can set the foundation for a system — the language, the logic, the decision model — has more long-term leverage than the one who designs the most polished screen.