Tuesday June 10, 2025 11:05am - 11:20am PDT
Diana Marsala, Meta


Purpose limitation is a foundational principle in data privacy: the use of data is strictly confined to the purpose(s) explicitly disclosed at the time of collection. This presentation is a retrospective analysis of early iterations of Policy Zones, one of Meta's technical solutions designed to enforce purpose limitation.

By examining the evolution of Policy Zones, including lessons learned and key insights into why certain approaches were effective or ineffective, we aim to provide a deeper understanding of the complexities and opportunities in implementing purpose limitation at scale.

In particular, we'll focus on three common purpose limitation paradigms:

  • Set it and forget it: Dynamically propagating policies from service to service, throughout the stack
  • One size fits all: Leveraging a single policy for all purpose-limitation-based privacy requirements
  • Run checks everywhere: Running privacy checks server-side for every data store, in a single chokepoint that covers all callers

Meta initially adopted all three paradigms. Although they appeared sound and allowed a faster system build-out, we later identified several gaps that required a redesign of our systems to improve operational maturity and make them more viable at scale.


https://www.usenix.org/conference/pepr25/presentation/marsala
Speakers

Diana Marsala

Meta
Diana Marsala is a Software Engineer on Meta's Privacy Infrastructure team, where she plays a pivotal role in shaping the company's approach to privacy. As an early adopter of privacy infrastructure technologies, she has successfully leveraged these tools to uphold critical privacy...
Santa Clara Ballroom