Meta Limited Data Use in 2026: How State Privacy Signals Reshape Custom Audiences, Conversions API and Retargeting

What Limited Data Use Is

Limited Data Use, usually abbreviated LDU, is Meta's mechanism for complying with United States state consumer-privacy laws that grant people the right to opt out of the sale or sharing of their personal information for advertising. Rather than removing a person from advertising entirely, LDU narrows how Meta is permitted to process the event data an advertiser sends, so that opted-out users are not folded into the personalization and audience-building machinery while still being counted for measurement.

For advertisers, LDU sits at the intersection of two systems that are easy to treat as separate but are not: the privacy-consent layer on your own website or app, and the data you send to Meta through the Pixel and the Conversions API. As more states pass comprehensive privacy laws through 2025 and 2026, the population of users with enforceable opt-out rights grows, and the correctness of your LDU configuration increasingly determines whether your data practices are defensible.

"Limited Data Use does not switch advertising off for a person. It constrains how their data is processed — restricting personalization and audience-building while preserving measurement — which is exactly the trade a state opt-out is meant to produce.
— AuditSocials analysis of Meta's Limited Data Use documentation"

This guide explains what the LDU signal does, which opt-outs trigger it, how it affects Custom Audiences and retargeting, and how to configure it across the Pixel and Conversions API. Ground the US picture with the United States advertising compliance guide, and define terms in the compliance glossary.

How the LDU Signal Works

According to Meta's developer and business documentation, LDU is carried by a set of data processing options parameters attached to each event. When those parameters indicate limited processing, Meta treats the event as restricted for that person.

What Restriction Actually Changes

The headline point is that LDU is not a delete signal and not an event-blocking signal. The conversion still registers, so your reporting and optimization signal are largely preserved, but the person's data is walled off from the personalization and audience uses that a state opt-out is designed to stop. Because the exact processing behavior is defined by Meta and can be refined over time, treat the precise mechanics as something to confirm against Meta's current documentation rather than as a fixed guarantee. Audit how events flow from your properties to Meta with the AI Compliance Audit.

Which States and Opt-Outs Trigger It

LDU exists because US state privacy laws increasingly give consumers a right to opt out of the sale or sharing of personal information and of targeted advertising. The signal originated as a way to meet California's framework and has been extended as more states enacted comparable laws.

The Direction of Travel

• California first: LDU was introduced to address California's Consumer Privacy Act opt-out of sale and sharing, the earliest and most influential of the state regimes.
• An expanding map: As states such as Colorado, Connecticut and a growing roster of others brought comprehensive privacy laws into effect, the set of consumers with opt-out rights widened, and Meta's applicability guidance expanded accordingly.
• Universal opt-out signals: Several states now require businesses to honor browser-level universal opt-out mechanisms such as Global Privacy Control, which means an opt-out may arrive as a signal on your site rather than a button click.

Because the covered-state list keeps changing as new laws take effect, the durable instruction is to confirm the current scope against Meta's official documentation and against the state laws themselves rather than hard-coding a list that will age. For the strict end of the state wave, see the Maryland MODPA guide, and map your multi-state exposure with the Legal Compliance Scan.

Impact on Custom Audiences and Retargeting

The most concrete advertiser-facing effect of LDU is on audiences. When data is restricted, it cannot feed the audience products that depend on personalization, and that has real consequences for reach and retargeting.

What Shrinks and What Survives

• Custom Audiences from website or app activity: Events flagged for limited use are restricted from building or expanding these audiences, so pools sourced from opted-out users will be smaller.
• Retargeting: A user whose data is restricted should not be retargeted on the basis of that restricted activity, which narrows lower-funnel pools in states with high opt-out rates.
• Lookalikes: Because lookalikes are modeled from source audiences, restricting the source data narrows the seed and can affect the modeled audience.
• Measurement and optimization: Conversion counting and modeled reporting are largely preserved, so campaign optimization signal is less affected than audience building.

The strategic reading is that LDU shifts value away from granular retargeting and toward broad-reach, well-measured prospecting — a direction that aligns with the broader post-signal-loss environment advertisers already face. For the parallel collapse of third-party retargeting signal, see the Privacy Sandbox shutdown guide. Pressure-test campaign copy and targeting with the Keyword Risk Checker.

Configuring LDU in the Pixel and Conversions API

LDU is only as good as its implementation. The central design choice is whether to let Meta apply restriction by geography automatically or to control the flags yourself from a consent or opt-out signal you capture, and the answer shapes how you wire the Pixel and Conversions API.

Implementation Decisions

• Geography-based vs self-controlled: Meta supports letting it determine applicability by geography, or having the advertiser set the data processing options explicitly per event. Self-control gives precision when you already capture consent state, but it puts the accuracy burden on you.
• Wire a real opt-out signal: Connect your consent management platform or opt-out mechanism — including universal signals like Global Privacy Control where required — to the flags, so an opt-out on your property propagates to Meta.
• Apply consistently across Pixel and CAPI: If you send events both client-side via the Pixel and server-side via the Conversions API, the LDU state must be consistent across both paths, or a server event can undo a browser restriction.
• Document the logic: Keep a written record of how applicability is determined and how the signal flows, because that documentation is what demonstrates a defensible, deliberate practice.

Because Conversions API events are sent from your server rather than the browser, they are exactly where an opt-out can silently fail to carry through, so server-side configuration deserves particular scrutiny. Audit the end-to-end flow with the AI Compliance Audit, and keep watch on state-law movement with the Policy Change Tracker.

Limited Data Use Readiness Checklist

• [ ] Current LDU covered-state scope confirmed against Meta's official documentation
• [ ] Opt-out and consent capture on your own properties wired to the LDU flags
• [ ] Universal opt-out signals (e.g. Global Privacy Control) honored where state law requires
• [ ] Geography-based vs self-controlled applicability decision made and documented
• [ ] LDU state consistent across the Pixel and the Conversions API
• [ ] Server-side Conversions API events verified to carry the correct restriction
• [ ] Custom Audience and retargeting impact understood and accepted
• [ ] Conversion measurement confirmed to persist for restricted events
• [ ] Written record of applicability logic and signal flow maintained
• [ ] Multi-state exposure mapped and reviewed as new laws take effect