Facebook · Case Study · 2022 – 2024System design:
Facebook Privacy
When 24% of people on Facebook were accidentally sharing with the wrong audience, we knew privacy settings needed more than a redesign, they needed a rethinking
Facebook's privacy controls had grown organically over a decade. Posts, stories, Marketplace, and Dating each presented settings in different styles and formats. 10% of users reported being unable to find the setting they wanted to change within the last 7 days. The inconsistency wasn't just confusing — it was eroding trust.
As design lead for Facebook Privacy, I was tasked with a question that was deceptively simple: how do you give billions of people clear, consistent control over their data across every surface, every device, and every regulatory jurisdiction, without overwhelming them?
Role & Scope
Design Lead, Facebook Trust and Safety
System Design
Information Architecture
Interaction Design
Design Systems
UX Research
Cross-platform (FB, IG, WhatsApp)
Mobile (iOS & Android)
Regulatory Compliance
Accessibility & Scalability
Understanding the Problem
We identified five core privacy problems that cut across every surface of Facebook
Through research synthesis and cross-functional workshops with Privacy, Integrity, and Privacy Central teams, we distilled the landscape into five "people problems": recurring pain points that prevented users from feeling in control. These became the foundation for every design decision that followed.
Strategic Approach
Not every privacy problem needs the same solution
Privacy isn't a single feature — it's a spectrum. Some problems require proactive system defaults. Others need better in-context controls. And some demand entirely new frameworks. I mapped our solutions across this spectrum to ensure we were addressing the right problems with the right level of intervention.
Deep Dive:
Unified Settings Framework
A single, modular framework for 93% of all Facebook Settings impressions
The problem
Privacy settings were scattered across dozens of surfaces, each with its own UI patterns, component libraries, and interaction models. Engineers spent an average of 2.5 days building each new setting. Regulatory changes — which required updates across every surface simultaneously — took weeks to roll out.
The approach
Rather than fixing settings surface by surface, I proposed a fundamental shift: a unified framework with a new information architecture, modular Bloks components, and consistent interaction patterns that could scale across the entire platform
The key insight
Users don't think in terms of "privacy settings" vs. "account settings" vs. "content settings." They think in terms of jobs: "Who can see my posts?" "How do I stop someone from contacting me?" We restructured the entire IA around these mental models.
The outcome
The USF now powers 93% of all Facebook Settings mobile impressions. Development time per setting dropped from 2.5 days to 0.7 days. Regulatory response time improved by 75%.
Impact
93%
of all Facebook Settings mobile impressions now on the Unified Settings Framework
+10.2%
increase in setting changes when search results were linked to parent categories
2×
daily users assisted via Help Center connection, maintaining a 30% action rate
75%
faster regulatory response enabled by the new settings architecture
3.2M
teens updated their privacy settings in the first 3 weeks after Youth Defaults launch
0.7d
average development time per setting, reduced from 2.5 days
Deep Dive:
Audience Selector
24% of users had unwanted viewers see their posts. This was the most urgent problem to solve.
The problem
Audience selection suffered from inconsistent UI patterns across surfaces, low entry-point discoverability, full-screen intrusive modals, and contradictory audience labels. Users didn't just struggle with settings — they were inadvertently exposing content to unintended audiences.
The approach
I designed a standardized Audience Privacy Selector — a unified component that works consistently across posts, stories, Reels, and Marketplace. I also created the Audience Selector Guideline to ensure scalability across all surfaces and future product teams.
Before: 1. Inconsistency UI and interaction patterns. 2. Entry point low discoverability 3. Full screen high intrusive settings 4. Inconsistent language and audience labels
After: Unified Audience privacy selector
Privacy Controls Simplification
Restructuring settings around the way people actually think
Using humanistic language, we grouped settings around core jobs — aligned with users' mental models rather than internal product taxonomies. People could finally find the settings they needed quickly and in the places they expected.
‘Your time on Facebook’ Before Vs. After
Settings Homepage Before Vs. After
Content Preference Before ( Forks in the road ) Vs. After ( Sub-navigation)
Cross-Platform & Youth
Extending the system across devices and protecting younger users by default
The USF's modular Bloks components ensured identical privacy controls on every surface — from Facebook.com to the mobile app, with the same language, structure, and interaction patterns. We also launched Youth Default Settings, applying stronger privacy protections for teen accounts automatically.
Impact
3.2M
teens updated privacy settings in the first 3 weeks after Youth Defaults launch
2×
daily users assisted via Help Center connection, maintaining a 30% action rate
Youth default settings
Starting today, all users under 16 (or 18 in certain countries) will be defaulted into more private settings upon joining Facebook. We’ll also encourage existing teen users to update their settings to enhance privacy. In the first 3 weeks post-launch, over 3.2M teens have used our flow to update their settings.
This is part of our commitment to protecting young people from harm and creating a safe, age-appropriate environment on Facebook.
Bundled Settings
Currently, when users create new profiles on Facebook (e.g., SOAPS or ProMode), they inherit the settings from their main profile, which doesn’t align with the different intent behind these new profiles. This often leads to issues like sharing to the wrong audience, as users are unaware they’re using the same settings. With over 100 settings to navigate, this creates unnecessary complexity.
To simplify the onboarding experience, we plan to introduce “bundled” settings that match users' intent. These bundles—Creator and Friends and Family—will help users quickly identify the right settings and make adjustments with ease, reducing complexity and improving control.
What I learned designing privacy at scale
Systems over surfaces.
The biggest impact came not from redesigning individual screens, but from building a framework that made every future privacy surface inherently better. When the USF shipped, hundreds of settings that hadn't been individually "redesigned" were still dramatically improved, because the underlying system was sound.
Performance
0.7d
2.5d
dev time per setting, a 72% reduction. Partners adopting USF Bloks required zero additional work.
68.9%
39%
of screen loads under 1 second
90.5%
79%
of screen loads under 2 seconds, now aligned with Facebook's standard (>85%)
Regulation as a design constraint, not an obstacle.
Regulatory requirements initially felt like blockers. But treating compliance as a first-class design constraint rather than something to bolt on later, led to a more modular, flexible architecture that actually made the product better for everyone.
Regulatory & Quality
75%
faster regulatory response enabled by the new modular architecture
2.7
SEVs per month prevented by USF's Test Suite
>90%
test coverage for all settings on USF. AX issues addressed at scale with no extra cost to partner teams.
Cross-platform consistency requires cross-team trust
Aligning privacy patterns across Facebook, Instagram, and WhatsApp wasn't a design problem — it was a coordination problem. Building shared language and shared components with Privacy Central early on meant fewer late-stage conflicts and faster adoption.
Privacy is a conversation, not a toggle
The most effective privacy controls aren't buried in settings; they surface at the moment of decision. The Audience Selector works because it meets people where they are, not where we wish they'd go.
