Meta is once again tightening the reins on advertisers in sensitive categories like healthcare and finance. Beginning later this year, the platform will start proactively restricting custom and lookalike audiences as well as custom conversions that suggest sensitive traits.
This update expands on changes that took effect in early 2025, which were also aimed at reducing the risk of misuse. In that instance, advertisers in select categories saw new limits on bottom-funnel conversion tracking and event optimization, making it harder to run performance-based campaigns on the platform without proper approval and certain safeguards.
That’s because Meta collects a lot of identifying information, and combining that with conversion actions—like a specifically-named “appointment booked” or “[prescription] ordered” conversion—would constitute protected health information (PHI). Thus, sharing that data with Meta Ads could be a HIPAA violation.
While legal punishments for those violations have centered on advertisers in the past, lawsuits against Meta for various health privacy compromises likely made the status quo untenable. As a result, Meta’s health advertising policy posture is shifting from encouraging compliance to actively preventing misuse of its platforms. These latest updates represent a continuation of that trend.
What Meta Will Now Be Flagging
These new updates add more enforcement to the equation. Rather than merely asking advertisers to avoid problematic data-sharing, Meta will begin proactively scanning and disabling certain custom audiences and conversion events that appear to reference protected health or financial attributes—even if those audiences and conversions were previously approved by the platform.
This process is expected to begin later in Q3 and will include:
- Flagging and disabling custom or lookalike audiences that include or imply sensitive traits (e.g., “arthritis_interest_list” or “high_income_customers”).
- Flagging and disabling custom conversions whose names, rules, or metadata imply a health condition or financial qualifier.
Notably, Meta says it won’t pause the campaigns that utilize these conversions and audiences—but advertisers should expect to see performance degrade if flagged components aren’t addressed. Meta recommends pausing those campaigns should that occur. New campaigns attempting to use flagged audiences or conversions will be blocked at setup.
What To Do if Audiences or Conversions are Flagged:
According to Meta’s announcements, if an advertiser’s audiences or conversions are flagged, they will need to resolve the underlying issues before they can use them again—or create whole new versions that comply with policies.
For Custom Audiences:
- Remove offending data from the custom audiences that have been flagged, referencing Meta’s Business Tool Terms.
- Create new audiences that align with those terms
- Use different, compliant audiences that you may have already created.
For Lookalike Audiences:
- Resolve issues with the underlying custom audience that the lookalike is based on
- Create new audiences if necessary
For Custom Conversions:
- Create new conversions that don’t utilize any information that is not allowed
- Use different conversions to guide your campaigns
- If a conversion is flagged, hindering the performance of a campaign, you may need to duplicate the campaign and replace the offending conversions before launching
Requesting Reviews
If you think an audience or conversion was wrongly flagged, you are able to request a review in Ads Manager. For conversions, that is found in Events Manager under the custom conversions page; for audiences, that can be done in Audience Manager by clicking on the affected audiences and navigating to the summary tab.
ADM’s Perspective
In our view, this is a natural progression for Meta’s stated effort to discourage misuse of its marketing tech. The rules aren’t new—but this type of automated enforcement is.
The policy focuses primarily on the naming conventions used for audiences and custom events—which have really been a central issue since the FTC enforcement actions a few years ago that first put the spotlight on health marketing’s potential compliance nightmares. If they’ve been paying attention and following the rules, smart health advertisers should already have compliant naming conventions in place.
From a performance standpoint, the flagged conversions seem to represent the larger concern. Because so many campaigns rely on advanced algorithms to tailor their delivery based on expected conversions, disabling those conversions within a campaign seems more likely to throw performance out of whack, meaning it’s likely that new campaigns will need to be built—whereas audiences can likely be fixed without having to replace the campaign wholesale.
Notably, Meta’s new policy documentation does not reference account shutdowns, meaning the platform seems as though it will be satisfied with disabling potential violations rather than banning entire accounts outright—though, as always, brands that repeatedly flaunt Meta policies risk losing their ability to use its ad services.
At present, Meta’s enforcement does not extend to campaign, ad set, or ad names, though it would be wholly unsurprising if those also came under scrutiny in the future.
ADM is a dedicated health marketing agency, so we’ve been focused on this subject for a long time. Anonymized naming conventions are already part of our standard practices for health clients. We also partner with top marketing privacy services like Ours Privacy and Freshpaint to help our clients protect their patient data better. If your current Meta strategy feels vulnerable or outdated, we’re here to help you build something more compliant, resilient, and effective—so don’t hesitate to reach out to our team today.
