Data Handling Questions
Updated: Dec 17, 2024
Answering our data handling questions is a requirement for apps that are requesting access to platform features through the
Data Use Checkup. These questions are designed to validate that personal data received from Meta Horizon will be processed and transferred securely, in compliance with our
developer policies. This is part of Meta Horizon’s continued commitment to protecting people’s privacy and personal data. This commitment is a responsibility that we share with all developers in our ecosystem.
As of January 26, 2024, developers are required to answer data handling questions during their initial and annual Data Use Checkup.
It is recommended that you consult with legal, policy, and privacy experts within your organization for guidance on how to answer these questions.
To prepare to answer the data handling questions, we recommend that you:
- Personal data or personal information is any data that is related to an identifiable person.
- A data controller is the legal entity that will control the purposes and means of processing the data made available to you by Meta Horizon through the requested permissions and/or features. This could be a natural or legal person, a public authority, an agency or other entity.
- A data processor or service provider is a separate entity that, on your behalf, processes the Meta Horizon User Data and/or Device User Data made accessible to you in order to provide you with a service.
- Public authorities include, for example, any government entity or other public administration, including public advisory bodies, at national, regional, or local level, or natural or legal person having public responsibilities or functions, or providing public services.
- Note: We may restrict access if you answered that you are prohibited from telling us whether you provided the personal data of users to public authorities or about your procedures for handling such requests.
For details and examples, refer to the following definitions:
To obtain access to platform features, tell us about your data handling practices. We recommend you consult legal, policy, and data handling experts within your organization for guidance on how to answer these questions.
Learn about our data handling guidelines.
Do you have data processors or service providers, including your own companies, that will have access to the Meta Horizon User Data and/or Device User Data that you obtain from Meta Horizon?
Data processors or service providers are separate entities that, on your behalf, process the Meta Horizon User Data and/or Device User Data made accessible to you in order to provide you with a service.
Meta Horizon User Data is any data, information, or content that is about or associated with a person, device, or unique identifier (including anonymized or hashed user IDs) that you obtain from Meta Horizon.
Device User Data is any data, information, or content that is about or associated with a person, device, or unique identifier (including anonymized or hashed user IDs) that you obtain directly from a Meta Horizon device (including microphone or camera data, or headset position or hand tracking data).
Please list all data processors or service providers, including your own companies, that will have access to the Meta Horizon User Data and/or Device User Data of users that you obtain from Meta Horizon.
Data processors or service providers are separate entities that, on your behalf, process the Meta Horizon User Data and/or Device User Data made accessible to you in order to provide you with a service (e.g., a cloud service provider such as AWS or a game service provider such as Playfab).
Please note that Meta Horizon User Data and/or Device User Data may include a subset of personal data or personal information that relates to an identified or identifiable person.
- Add data processor or service provider
Please provide the name of your data processor or service provider.
Data processors or service providers are separate entities that, on your behalf, process the Meta Horizon User Data and/or Device User Data made accessible to you in order to provide you with a service (e.g., a cloud service provider such as AWS or a game service provider such as Playfab).
- Please write the name of your data processor or service provider
You indicated above that you share Meta Horizon User Data and/or Device User Data with data processors or service providers. For which category of services does your data processor or service provider process Meta Horizon User Data and/or Device User Data of users that you obtain or will obtain from Meta Horizon? Select all that apply.
Please note that Meta Horizon User Data and/or Device User Data may include a subset of personal data or personal information that relates to an identified or identifiable person
[ ]
To conduct analytics and measurements[ ]
To provide goods and services for purchase[ ]
To provide game services or IT solutions and services, including cloud storage and processing[ ]
To comply with an applicable law or regulation, including providing data to a law enforcement entity[ ]
To conduct research, including for the purpose of academics[ ]
Other
Please list all countries where your data processor(s) or service provider(s) will process Meta Horizon User Data and/or Device User Data received from Meta Horizon. Your data processor may process data in countries other than the one they are located. Select all that apply.
Please contact your data processors for this information. Many data processors provide this information on their corporate website.
We encourage the use of data processors located in countries with strong data protection laws.
[ ]
Select all countries that apply from the dropdown list
Who is the person or entity that will be responsible for all Meta Horizon User Data and/or Device User Data Meta Horizon shares with you?
Please provide the name of the legal entity that will control the purposes and means of processing the data made available to you by Meta Horizon through the requested permissions and/or features. This could be a natural or legal person, a public authority, an agency or other entity. In some regions this is called a data controller.
- Please write the name of the entity that will be responsible for all Meta Horizon User Data and/or Device User Data Meta Horizon shares with you
Select the country where this entity is located. Only one can be selected.
Have you provided the personal data or personal information of users to public authorities in response to national security requests in the past 12 months?
You can exclude from your response instances when you have provided personal data in response to court orders, including search warrants.
Public authorities include, for example, any government entity or other public administration, including public advisory bodies, at national, regional or local level or natural or legal person having public responsibilities or functions, or providing public services.
Note: We may restrict access if you answered that you are prohibited from telling us whether you provided the personal data of users to public authorities or about your procedures for handling such requests.
[ ]
No[ ]
Yes, we have shared the personal data or personal information of approximately 10 or fewer users[ ]
Yes, we have shared the personal data or personal information of about 11 - 100 users[ ]
Yes, we have shared the personal data or personal information of about 101 - 1,000 users[ ]
Yes, we have shared the personal data or personal information of more than 1,000 users[ ]
We are prohibited by law or company policy from answering this question.
Which of the following policies or processes do you have in place regarding requests from public authorities for the personal data or personal information of users? Check all that apply.
Public authorities include, for example, any government entity or other public administration, including public advisory bodies, at national, regional or local level or natural or legal person having public responsibilities or functions, or providing public services.
[ ]
Required review of the legality of these requests.[ ]
Provisions for challenging these requests if they are considered unlawful.[ ]
Data minimization policy—the ability to disclose the minimum information necessary.[ ]
Documentation of these requests, including your responses to the requests and the legal reasoning and actors involved.[ ]
None of the above[ ]
We are prohibited by law or company policy from answering this question.
In what country is your organization located?
If your organization operates from multiple countries, you should use the country that is associated with your organization in a business context, such as the country used in any business license or registration, company headquarters, a bank statement, or a utility bill.
[ ]
Select country from the dropdown list