Applications closed

2022 Privacy Enhancing Technologies request for proposals


Over the past few years, we’ve established research award opportunities to support privacy-focused projects in academia. Most recently, our 2021 Privacy Enhancing Technologies request for proposals was met with great interest and we were pleased to award ten excellent projects. We will continue this momentum and refine our topics of interest under the Privacy Enhancing Technologies (PETs) area for 2022.

By integrating Privacy Enhancing Technologies into our products, we are building trustworthy experiences that billions of people use worldwide. Our primary goal is to help design and deploy new privacy enhancing solutions that minimize the data we collect, process, and externally share, while supporting business and delighting consumers across the Meta family of products. As we continue making strides in Privacy Enhancing Technologies at Meta, one of the key elements is learning from outside experts.

To foster further innovation in this area, and to deepen our collaboration with academia, Meta is pleased to invite faculty to respond to this call for research proposals pertaining to the areas of interest highlighted below. We anticipate awarding eight to ten awards, each in the $80,000–100,000 range. Payment will be made to the proposer's host university as an unrestricted gift.

Award Recipients

University of Michigan

Paul Grubbs

University of Waterloo

Xi He

Rochester Institute of Technology

Yidan Hu

University of Florida

Eakta Jain

Princeton University

Kai Li

University of Colorado Denver

Zhengxiong Li

Brown University

Peihan Miao

University of Toronto

Nicolas Papernot

French Institute for Research in Computer Science and Automation

Tamara Rezk

Carnegie Mellon University

Virginia Smith

CISPA Helmholtz Center for Information Security

Sebastian Urban Stich

University of Chicago

Blase Ur

Applications Are Currently CLosed

Application Timeline

Launch Date

March 16, 2022


April 20, 2022, at 5:00pm AOE (Anywhere on Earth)

Winners Announced

August 2022

Areas of Interest

1. Privacy preserving analytics

  • Differential privacy for anonymization: Combining differential privacy with other secure computation and privacy improving techniques is a natural way to improve the privacy profile of any solution. Research is required to formalize the combination of techniques such as shuffling, k-anonymity, and aggregation with differential privacy to provide optimal privacy protections.
  • Differential privacy for database management systems: Applying differential privacy to real-world use cases when it involves a large number of tables, streaming data, or complex queries is still challenging. More research is needed to improve the privacy bounds for realistic query workloads on large analytics systems. In addition, understanding the best practices to perform longitudinal analyses of privacy over time, supporting differential privacy in complex data types or efficiently incorporating differential privacy into modern database management systems could advance the adoption of differential privacy.
  • Re-identification measurement: Measuring the risks of privacy loss or re-identification is critical to evaluate the privacy profile of various systems. There is opportunity to build systems that measure real-world impact of correlation and other attacks.

2. Private record linkage and aggregation

  • Asymmetric MPC: The most efficient MPC protocols generally have a cost that is symmetric to both parties. Current techniques (e.g., Functional Encryption, Oblivious RAM, or FHE) that shift the bulk of cost to one party either limit the functions that can be computed or come at a significant increase in total cost. Are there protocols that have more desirable asymmetric scaling properties?
  • Multi-key private record linkage: Research in private set intersection has focused on the case where each record has a single identifier. More work is needed on the extended problem where records are identified by multiple identifiers and we seek flexibility in the matching logic used to join the set, while maintaining privacy requirements. See this paper for a more complete problem statement.
  • Complex aggregations in MPC: Secure aggregation systems such as PRIO offer scalable solutions for many distributed aggregation problems, but further research is needed to unlock efficient solutions to more complex aggregations, such as a summation conditioned on a set intersection of sparse elements.

3. Privacy preserving machine learning

  • Model capacity: A key challenge in privacy preserving machine learning remains the limited communication and computation capabilities for various techniques in private model training, such as on-device federated learning or training with secure computations. How do we improve model capacity to make models as accurate as possible, while still preserving privacy?
  • Trust models: Stronger trust and security models often means higher computation and communication costs, making large-scale ML infrastructure less feasible. What are the right frameworks for designing and validating privacy attacks on ML models? How to improve the trust and security assumptions without sacrificing the feasibility of practical model training?
  • Differential privacy in PPML: Existing differential privacy mechanisms have limitations in their applicability in real-world large-scale ML tasks, especially when we take into account the large number of compositions involved in end-to-end processing on private data (including model training, feature engineering, and model evaluations, etc). How do we improve the privacy bounds and budget allocation to enable practical use cases of DP to support large scale models and development cycles?
  • Mixed training data sets: Data sets being leveraged for ML tasks can sometimes have partitions of both private and non-private portions (a special case being when only the label in a training data set is private, whereas features are public). The notion of privacy can also vary depending on the actor (data owner vs processor, local vs shuffler vs global privacy). How do we design optimal mechanisms to improve utility with the view of these mixed training data sets in mind?

4. Privacy of messaging

  • Improving transparency, security, integrity, and reliability of end-to-end encryption technology remains a high priority for Meta. Where do current cryptographic techniques fall short? How should we handle transient errors and how can we make safe retry logic? How can users know that their peers’ encryption keys are correct? How can we apply end-to-end encryption to encrypt backups and ensure people can recover their data? How does the threat model of end-to-end encryption apply to websites and web messaging?

5. Anonymous credentials

  • Being able to authenticate to Meta’s services with enhanced privacy guarantees for the client is an active area of research for Meta. Can we bring practical instantations of anonymous credentials to scale with Meta’s user base? How do we measure privacy loss when anonymous credentials are reused in practice? Can we use anonymous credentials in conjunction with 2-factor authentication?

6. Privacy preserving techniques in Data for Good

  • Companies have a lot of valuable data that could provide social good if shared more widely, while still preserving privacy of users. Some open questions include the following: How to use PETs to perform research on private data, how to enable research to be conducted across data from several companies, and how to use PETs to perform research on very sensitive data without even collecting it. Could we build tools to empirically measure the privacy risk of research data that is released, or automate potential attacks on data? We are particularly interested in how PETs such as MPC, differential privacy, and zero knowledge proofs can be used to empower research on data types from numeric attributes to text data, images, videos, and high-dimensional data.

7. Privacy in Metaverse

  • Virtual reality and augmented reality are emerging forms of computing, introducing unique privacy challenges. Privacy enhancing technology can play a role in making sure that people can have an immersive experience, while minimizing data collection and use. Can PETs safeguard user privacy while interoperating between different networks? Can PETs be used to keep eye tracking, avatars, and models of users’ data private so that they can be their authentic self? Can PETs be used to keep people’s location private while they are interacting with virtual objects in the real world? We are particularly interested in how PETs such as MPC, client secure enclaves, zero knowledge proofs, and differential privacy can be used in the metaverse.


Proposals should include

  • A summary of the project (one to two pages), in English, explaining the area of focus (including the keyword), a description of techniques, any relevant prior work, and a timeline with milestones and expected outcomes
  • A draft budget description (one page) including an approximate cost of the award and explanation of how funds would be spent
  • Curriculum Vitae for all project participants
  • Organization details; this will include tax information and administrative contact details


  • The proposal must comply with applicable U.S. and international laws, regulations, and policies.
  • Applicants must be current full-time faculty at an accredited academic institution that awards research degrees to PhD students.
  • Applicants must be the Principal Investigator on any resulting award.
  • Meta cannot consider proposals submitted, prepared, or to be carried out by individuals residing in or affiliated with an academic institution located in a country or territory subject to comprehensive U.S. trade sanctions.
  • Government officials (excluding faculty and staff of public universities, to the extent they may be considered government officials), political figures, and politically affiliated businesses (all as determined by Meta in its sole discretion) are not eligible.

Frequently Asked Questions

  • Do you typically limit the salary of the PI in the gift?

    Most of the RFP awards are an unrestricted gift. Because of its nature, salary/headcount could be included as part of the budget presented for the RFP. Since the award/gift is paid to the university, they will be able to allocate the funds to that winning project and have the freedom to use as they need. All Meta teams are different and have different expectations concerning deliverables, timing, etc. Long story short – yes, money for salary/headcount can be included. It’s up to the reviewing team to determine if the percentage spend is reasonable and how that relates to the decision if the project is a winner or not.

  • Should proposals be double- or single-spaced? Is there any required/expected font?

    We are flexible, but ideally proposals submitted are single-spaced, Times New Roman, 12 pt font.

  • What is the award cycle or when does the funding year begin and end?

    Research awards are given year-round and funding years/duration can vary by proposal.

  • Can award funds be used to cover a researcher's summer salary while conducting research?

    Yes, award funds can be used to cover a researcher’s salary.

  • Can you please explain the budget breakdown in more detail?

    Budgets can vary by institution and geography, but overall research funds ideally cover the following: graduate or post-graduate students’ employment/tuition; other research costs (e.g., equipment, laptops, incidental costs); travel associated with the research (conferences, workshops, summits, etc.); overhead for research gifts is limited to 5%.

  • We are working as co-PIs. Is it possible to list both of our names as PI for an RFP proposal?

    Co-PIs are welcome! One person will need to be the primary PI (i.e., the submitter that will receive all email notifications); however, you’ll be given the opportunity to list collaborators/co-PIs in the submission form. Please note in your budget breakdown how the funds should be dispersed amongst PIs.

  • Can I have a co-PI from a different institution?

    Absolutely. We welcome submissions from collaborators/co-PIs at the same or different institutions. (See FAQ above for co-PI submission form instructions.) Please note, payment will be made to the primary PI’s host institution. It can be further disbursed by that institution.

  • If a proposal is selected as a winner and has co-PIs from different institutions, can you split the award?

    As mentioned above, we welcome submissions from multiple co-PIs from the same or different institutions on a single proposal. All names and institutions will be named as part of the award communication on the Meta Research website; however, the full amount of the award payment will be made to the primary PI’s host institution and can be further disbursed by that institution.

  • What are the terms and conditions if my proposal is selected as a winner and is awarded as a GIFT?

    Generally, RFP winners that are awarded as gifts will be provided a standard Meta-branded gift letter requiring signature from an authorized university representative in order to initiate the payment process. University representatives, administrators, or other partners with an interest in the specific terms can review below. The gift letter contains standard terms and conditions included in all Meta gift letters with academics, such as:

    • The gift is inclusive of all fees and charges that may apply.
    • The management and expenditure practices and any assessment applied to the gift shall be done in accordance with university policies and procedures.
    • Meta will have no control or influence over the independent conduct of any studies or research performed using the gift, or over the dissemination of research findings.
    • All intellectual property or data resulting from the use of the gift will be retained by university/institution and university/institution may publicly disclose the results of research supported by the gift in academic publications, presentations, grant/funding applications, etc.
    • The university/institution confirms that its acceptance and use of the gift:
      • will not interfere with the official duties of its faculty or employees and that the university/institution will not allow its faculty or employees to perform any official action to improperly benefit Meta.
      • complies with applicable regulations, policies, and rules of the university/institution.
      • will not violate applicable laws, including laws relating to export control, trade sanctions, anti-corruption, or political activities laws.
      • does not conflict with any other obligation university/institution, its faculty or employees may have to any other party.
      • the university/institution will promptly inform Meta of any circumstances that would make acceptance, retention, or use of the gift inappropriate.
    • Both parties shall agree in advance on the content of any public announcement or posting relating to the gift and written consent must be obtained to use either parties’ name, trademark, or logo in any such public announcement or post.
    • Meta may include a factual statement about the gift in its public reports or blog posts on the website without prior notice to or consent from the university/institution.

Terms & Conditions

Meta’s decisions will be final in all matters relating to Meta RFP solicitations, including whether or not to grant an award and the interpretation of Meta RFP Terms and Conditions. By submitting a proposal, applicants affirm that they have read and agree to these Terms and Conditions.

  • Meta is authorized to evaluate proposals submitted under its RFPs, to consult with outside experts, as needed, in evaluating proposals, and to grant or deny awards using criteria determined by Meta to be appropriate and at Meta sole discretion. Meta’s decisions will be final in all matters relating to its RFPs, and applicants agree not to challenge any such decisions.
  • Meta will not be required to treat any part of a proposal as confidential or protected by copyright, and may use, edit, modify, copy, reproduce and distribute all or a portion of the proposal in any manner for the sole purposes of administering the Meta RFP website and evaluating the contents of the proposal.
  • Personal data submitted with a proposal, including name, mailing address, phone number, and email address of the applicant and other named researchers in the proposal may be collected, processed, stored and otherwise used by Meta for the purposes of administering Meta’s RFP website, evaluating the contents of the proposal, and as otherwise provided under Meta’s Privacy Policy.
  • Neither Meta nor the applicant is obligated to enter into a business transaction as a result of the proposal submission. Meta is under no obligation to review or consider the proposal.
  • Feedback provided in a proposal regarding Meta products or services will not be treated as confidential or protected by copyright, and Meta is free to use such feedback on an unrestricted basis with no compensation to the applicant. The submission of a proposal will not result in the transfer of ownership of any IP rights.
  • Applicants represent and warrant that they have authority to submit a proposal in connection with a Meta RFP and to grant the rights set forth herein on behalf of their organization. All awards provided by Meta in connection with this RFP shall be used only in accordance with applicable laws and shall not be used in any way, directly or indirectly, to facilitate any act that would constitute bribery or an illegal kickback, an illegal campaign contribution, or would otherwise violate any applicable anti-corruption or political activities law.
  • Funding for winning RFP proposals will be provided to the academic institution with which the primary investigator/applicant is affiliated pursuant to a gift or other funding model as specified in the RFP call. Applicants understand and acknowledge that their affiliated academic institution will need to agree to the terms and conditions of such gift or other agreement to receive funding.
  • Applicants acknowledge and agree that by submitting an application they are consenting to their name, university / organization’s name and proposal title being made public on Meta’s blog on the website if they are chosen as an RFP winner or finalist. If an applicant is selected as a winner or finalist, they will then have the opportunity to provide written notification that they do not consent to the blog inclusion.