Responsible Platform Initiatives

Preparation

Starting in October of 2024, you may receive the new data access renewal assessment for your app. Developers with apps transitioning to the new experience will be alerted via email, an alert in your Inbox, and/or the status in your developer dashboard. To receive this alert, ensure that your notifications are turned on in your Developer Settings page. Please note, the shift to data access renewal will be on an app-by-app basis, so you may have some apps subject to the current processes.

When to start the assessment

Developers with apps that are transitioned into the new data access renewal experience will receive a required action alert from Meta to complete the assessment by their deadline. You will need to complete the required action in order to avoid restrictions on their integration. You will have 60 calendar days after dispatch to submit data access renewal.

The required action alert will be sent via email to all app administrators as well as to the app’s listed contact email address. In case this email is not viewed, you will also be able to view the Required Action through the ‘Apps’ page and on your Required Actions Dashboard (pictured below).

To respond to the Required Action alert, you can click on the ‘View’ button on the dashboard (pictured above). This will open the Required Actions page for the specific app and allow you to start data access renewal. When you are ready, click ‘Open checkup’ to open a new browser tab and begin the assessment.

Overall Best Practices

  1. Verify both the email address associated with your developer account and the app contact email address listed on the Setting pages of the App Dashboard so you receive alerts and updates in a timely manner.

  2. Understand why and how your app uses the Platform Data it has access to and be able to provide documentation if required. To see what Platform Data your app uses, go to the App Dashboard and look at your app’s selected permissions and features.

  3. For questions you are unsure of how to answer, consult with the appropriate legal and data security colleagues in your organization. Incomplete or vague answers may result in loss of platform access.

  4. Carefully review the pre-filled information, if there are any, in the data access renewal assessment and the latest responses from prior assessment(s), to make relevant updates for accuracy and reflect recent changes in your practices prior to submission.

Data Handling Best Practices

To prepare to answer the data handling questions, we recommend that you:

  • Review our Platform Terms and Developer Policies.
  • Review and only request the permissions and features that your app needs to function as intended.
    • For apps that require access to use cases, permissions or features (for some apps this is called advanced access): Be careful to only request and use the use cases, permissions, or features that your app needs to function as intended.

  • For apps that have been published live with a use case, or that have advanced access to permissions and/or features: Review the permissions and/or features connected to the app. Learn more about access levels.

  • Review your data processors, including your own companies, and the countries in which they process the personal data of users received from Meta. We encourage the use of data processors located in countries with strong data protection laws. For example, here is a list of countries that the European Commission has deemed to have adequate data protection laws. Many data processors provide location(s) on their corporate website.

  • Review your policies for disclosing personal data of users to public authorities. We encourage you to have policies and procedures for reviewing the legality of requests from public authorities for access to personal data of users and provisions for challenging the legality or scope of those requests if you consider them unlawful. Finally, we encourage you to have policies or processes to disclose the minimum data necessary to respond to lawful requests from public authorities to access personal data of users.
    • Meta may restrict or deny access if you answered that you are prohibited from telling us whether you provided the personal data of users to public authorities, or about your procedures for handling such requests.
    • Review your procedures and processes for documenting requests from public authorities. We encourage documentation of the request, your response to the request and the outcome of the request.

Data Protection Best Practices

  • You do not have to complete the assessment in one sitting. You can leave and return as often as you need. Everything that you enter is auto-saved for you.
  • As you answer the questions, additional questions may be added for you to provide more details or evidence. Therefore the list of questions that you reviewed in the “Before you Start” section above may be longer than what you will need to submit for your assessment.