Unifying siloed privacy products to drive efficiency at Meta
At Meta, privacy reviews had become a bottleneck slowing product launches and increasing regulatory risk. Disconnected tools and workflows turned privacy into a “tax” that teams tried to avoid.
I led the design team to redesign the E2E experience cut the review time drastically, changed the sentiment and saved millions in fines.
Focus areas
This one felt different from the start. There was no clear roadmap, no obvious benchmark to follow—but that’s what made it exciting. I was stepping into a space where the problems were messy, the domain was complex, and the stakes were high.
I knew I’d have to ramp up quickly, learn the privacy landscape, and connect dots across a scattered ecosystem. On top of that, I found out the team had just gone through a reorg and was down to half its original size. Rebuilding trust and momentum would be just as important as redesigning the experience. I was all in.
What problem were we solving?
When I joined Meta's Privacy Infrastructure team, I walked into a perfect storm. Privacy reviews had become a 13-week bottleneck standing between products and their launch dates. Every product required this review before launch, creating a traffic jam that threatened Meta's product launches while exposing the company to compliance risks and potential multi-million dollar regulatory fines.
My charter was clear but challenging:
Reduce time to launch
Adhere to regulatory expectations
The fragmented experience, disconnected workflows, and competing priorities had transformed privacy from a core value into what product teams cynically called a "tax" on innovation. Engineers frequently shared that they avoided privacy reviews not because they didn't value privacy, but because they were unsure what was required of them and found the process confusing.
Let's unpack this
The surface-level symptoms (slow reviews, frustrated teams) were just the tip of the iceberg. Diving deeper revealed interconnected challenges on multiple fronts:
How did we solve this?
Rather than treating the symptoms, I developed a holistic approach that addressed both the product experience and the underlying team structure needed to deliver it.
Building the Product Strategy
Established a clear strategy to guide solutions and unite multiple teams around a common vision.
To tackle this complex challenge, we needed a cohesive approach that could address both fragmented experiences and organizational silos. Our strategy had to balance technical constraints, privacy requirements, and user needs while setting a clear direction for multiple teams.
The core strategy slide
Key strategic initiatives
First, we needed to understand what we were solving and align everyone around a common vision:
Conducted research to map user pain points across the privacy journey
Applied Jobs-to-be-Done framework to identify fundamental user needs
Created experience maps that visualized the entire review process, highlighting opportunities
Used these maps as powerful alignment tools in cross-functional workshops
Establishing quality standards
With research insights in hand, we focused on building a foundation for consistent design:
Established internal critique sessions and bi-weekly reviews with cross-functional partners
Created a roadmap for design system adoption with the Meta XDS team
Provided hands-on involvement in design critiques, offering screen-level and pixel-level guidance
Empowered the team to lead organization-wide heuristic evaluations
Collaborative prioritization
To ensure we were tackling the right problems in the right order:
Built and calibrated roadmaps through cross-functional workshops
Developed a shared prioritization framework based on impact, effort, and technical foundation
Maintained constant alignment with leadership OKRs and company priorities
Balanced quick wins with longer-term structural improvements
Setting up teams for success
Created frameworks, structure & xfn partnerships to enable E2E ownership and collaboration.
The product strategy revealed two critical gaps: First, our fragmented team structure couldn't deliver the cohesive experience users needed. While users experienced privacy reviews as one journey, behind the scenes it was managed across disconnected teams and workflows (Conway's Law in action). Second, our strategy required us to integrate with developer and PM tools outside our direct control, but our existing structure made cross-team collaboration extremely difficult. We needed a new approach that would allow us to look sideways and influence beyond our core area of influence.
Creating the single-threaded owner model
To bridge organizational divides, we pioneered a new structure:
Designated two key designers as STOs: one for Coverage workflow and another for Decide/Execute workflows.
Gave designers authority and influence without changing formal titles.
Matched team members' strengths to specific ownership areas which also provide a runway for growth.
Empowered designers to lead product thinking, with coaching to fill gaps where PMs were lacking.
Building team culture
With the structure in place, we focused on creating shared identity and purpose:
Facilitated workshops to define our values, vision, and design principles
Created cross-team sharing sessions to break down existing silos
Built the team's visibility within the larger Privacy organization
Established regular design reviews to maintain quality and alignment
Growing the team
While implementing our strategy, we simultaneously built our capabilities:
Grew from 3 to 13 designers over 12 months, balancing craft expertise with strategic thinking
Aligned roles with critical workflows rather than historical divisions
Personally onboarded each designer with an immersive privacy infrastructure deep-dive
Redesigning the privacy experience
Reimagined the end-to-end privacy experience by meeting users where they are, simplifying complex decisions, and creating a scalable framework for future growth.
Our research identified three critical phases of the privacy review journey that needed reimagining: Coverage, Decide, and Execute. I crafted the overarching strategy and framework while empowering my team to own and execute their specific areas.
Coverage
The challenge: Engineers found privacy requirements confusing and often bypassed the process altogether.
Complex jargon and unclear workflows created significant bottlenecks
Software engineers felt stressed by accountability without proper expertise
Limited Privacy Program Managers couldn't handle the volume of reviews
Our solution: Meet users where they are by integrating into their existing workflows and tools.
Simplified pre-screeners with clear, jargon-free language
Used rapid prototyping to test integration methods that wouldn't disrupt workflows
Partnered with developer tools teams to embed privacy checkpoints
Created contextual guidance and standardized widgets that could live in any tool
These improvements achieved 100% coverage across product reviews—critical for regulatory compliance.
Decide and execute
The challenge: Decision bottlenecks and unclear ownership led to delays and compliance risks.
Privacy Program Managers became overwhelmed with decision requests
Unclear next steps and poor verification quality created risks
Redundant mitigations and manual tracking caused significant delays
Our approach: Streamline the decision pipeline with clear ownership and self-service options.
Developed journey maps to visualize workflows and identify bottleneck points
Created self-service certification for low-risk items and fast-track templates
Built automated mitigations with version tracking
Established clear ownership and visibility throughout the process
To ensure consistency, we also developed a component library aligned with Meta's design system while creating a roadmap for full design system adoption. These improvements reduced review time significantly and improved verification sentiment by 55%.
Future vision
While focusing on immediate improvements, I encouraged the team to look beyond current work and explore long-term visions
AI-powered Unified risk register: The team conceptualized an intelligent framework using AI to prioritize review efforts based on privacy risk patterns and historical data
Privacy knowledge graph: A designer partnered with an engineering lead to propose an AI-driven system connecting privacy data across platforms for automated insights
Intelligent catalog: A senior designer developed an AI-enhanced knowledge repository concept that could suggest relevant privacy patterns and prevent redundant work
Proactive intelligence system: Team members explored how AI could analyze incident management data and regulatory expectations to automatically identify risks
I fostered these explorations to show how other privacy infrastructure areas could bring value to the review process by leveraging AI and existing organizational knowledge.
What results did we achieve?
Our holistic approach to redesigning both team structure and product experience delivered significant measurable impact:
What did I learn?
This project wouldn't have been possible without an incredible team that embraced ambiguity and rose to every challenge. I'm grateful for the opportunity to lead this transformation and came away with several insights that continue to shape my approach:
Product strategy drives organizational structure - The right strategy naturally reveals the team structure needed to deliver it.
Show, don't tell - Demonstrating how changes improve metrics is more persuasive than conceptual arguments.
Balance vision with tactical wins - Quick wins build momentum and credibility for more ambitious changes.
Design quality needs structure - Guidelines enhance creativity by freeing designers to focus on higher-level problems.
Deep domain knowledge enables better design - Understanding the full context is essential for creating solutions that work in the real world.
