- Facebook will begin investigating all apps that had access to large quantities of data before 2014, when the platform changed to limit the amount of data third-party apps could access, and audit any app with suspicious activity, Facebook CEO and co-founder Mark Zuckerberg wrote in a post on the platform, addressing the recent controversy involving Cambridge Analytica’s collection and misuse of 50 million users’ data. Developers who don’t agree to an audit and those found to have misused personal information will be banned, he wrote, and anyone affected will be informed, including people whose data was misused by developer Aleksandr Kogan, who initially gathered the data at the center of the Cambridge Analytica incident.
- Facebook will also restrict developers’ access to data and limit the data that users provide to apps when they sign in to a user’s name, profile photo and email address. The platform will remove a developer’s access to data for users who haven’t used an app in three months. Facebook will also require developers to sign a contract before they can ask users for access to their posts or private data.
- Mozilla said in a blog post yesterday that it is pulling its ads from Facebook because, while it is encouraged by Zuckerberg's promises, the social media platform still needs to strengthen its default privacy settings for third-party apps. Once that is done, Mozilla will consider returning.
Until now, Facebook's appeal to advertisers has not been hurt by the Cambridge Analytica scandal but the Mozilla news changes this. Whether or not others will follow remains to be seen. The Mozilla post is interesting because it calls out Facebook for not going far enough in the steps it outlined yesterday to beef up data security. Specifically, Mozilla wants Facebook to take more direct action on its platform.
"We are encouraged that Mark Zuckerberg has promised to improve the privacy settings and make them more protective," Mozilla said in the post. "When Facebook takes stronger action in how it shares customer data, specifically strengthening its default privacy settings for third-party apps, we’ll consider returning."
The proposed changes outlined by Zuckerberg in yesterday's post will give users more control over which third-party apps have access to their information and keep them informed of what information apps have access to, but developers are likely to be unhappy about the added restrictions placed on them and the move could result in less creativity on the platform. Developers are an active and important part of the Facebook ecosystem, with the platform granting access to some of its workings so these third-parties can create experiences for users. To date, being able to leverage user data has been one of the appeals for developers to create Facebook experiences. It is also not clear how effective the steps outlined yesterday will be in keeping out bad players like Cambridge Analytica. Facebook tried previously to tighten the reins on user data. Whether it simply didn't go far enough or motivated developers will always find a way to exploit the system remains to be seen.
Facebook is also relying on users to be more proactive by making it easier for them to understand which apps they have allowed to access their data. With this in mind, the platform will move a tool allowing users to revoke apps’ permissions to data from the privacy settings to the top of the News Feed to make it more accessible.
While the Cambridge Analytica dust up adds to Facebook's woes, including a series of metrics flubs last year and growing evidence that young consumers are leaving the platform, so far these troubles do not appear to be having a negative impact on marketers' interest in advertising on the platform.
Zuckerberg did not make an outward apology to the millions of users whose data was accessed illicitly. Instead, he called the incident a learning experience to better secure the platform and make the community safer in the future.
“This was a breach of trust between Kogan, Cambridge Analytica and Facebook. But it was also a breach of trust between Facebook and the people who share their data with us and expect us to protect it. We need to fix that,” he wrote.
Zuckerberg also made several references to the 2014 changes to the platform made to limit the data that third-party apps could access, including requiring developers to get approval before requesting sensitive data, calling these the “most important steps” to keep “bad actors” from accessing information. He also emphasized that the policy would prevent apps like Kogan’s from accessing so much data today.
A few things were left out of the post that are likely on the minds of the public, advertisers and lawmakers, including why Facebook didn’t begin investigating Cambridge Analytica sooner or why it took the data firm’s word when it said it had deleted the data that it acquired, according to a TechCrunch report. The comments follow the news of an FTC probe of whether Facebook violated a 2011 consent decree concerning how it handled personal data of 50 million users and how the data was transmitted to Cambridge Analytica. Attorney generals from Massachusetts, New York and Connecticut have also opened an investigation into Facebook over the issue.