Mark Zuckerberg has broken his silence on the Facebook Cambridge Analytica scandal, admitting that the social site “made mistakes” but insisting that it is working to address them. The much-anticipated comments come after Facebook was accused of poorly handling personal information, after a researcher taking advantage of an official Facebook API was able to collect the data of 50 million users.
That’s despite the researcher only in fact engaging directly with a small fraction of that cohort, which were persuaded to grant access to a psychological test on Facebook. Thanks to the policies of a since-changed API, giving those permissions also opened up access to the friends of those users in the process. Eventually, the cache of data was handed over to Cambridge Analytica, the company which worked with the Trump Campaign in 2016 and which has been accused of helping manipulate American voters.
Zuckerberg, in a post today, calls out the changes Facebook already made back in 2014 after it was first made aware of the potential for data scraping that its APIs legitimized. “In 2014, to prevent abusive apps, we announced that we were changing the entire platform to dramatically limit the data apps could access,” the founder and CEO explains. Apps could no longer request data on a person’s friends unless that friend also gave permission, and developers building such apps also needed explicit permission from Facebook before they could go after sensitive data.
However the furore since the revelations last week – and how Facebook handled its part in them – have made clear that old actions alone won’t be sufficient. For that, Zuckerberg has three steps he says the company will take.
First, Facebook plans to investigate every app which had access to large amounts of personal data before the rules were changed in 2014. Anything suspicious will trigger a full audit. Developers who refuse the audit will be banned from Facebook altogether, Zuckerberg says, and any that did misuse personally identifiable information will also be banned.
Facebook will also inform those whose data was affected of what has happened. That includes anybody who was among the vast collection of details that was passed over to Cambridge Analytica.
In addition, Facebook plans to clamp down on what data can be accessed moving forward. “For example, we will remove developers’ access to your data if you haven’t used their app in 3 months,” Zuckerberg explains. “We will reduce the data you give an app when you sign in – to only your name, profile photo, and email address.” Developers will have to sign a contract with Facebook before they can ask for personal data.
Finally, a new tool is being added to make data visibility more transparent for users. That will basically involve putting the app permissions settings we showed you how to audit at the very top of the News Feed. Meanwhile, Facebook’s bug bounty program is being expanded so that people can report misuses of data by app developers.
According to the company, Facebook was already working on some of these changes ahead of the Cambridge Analytica revelations. After all, it has found itself under the microscope in the European Union, after tougher data protection laws came into play. Whether all this is enough to stem the #DeleteFacebook movement, though, remains to be seen.