Facebook: We'll inform everyone whose data is misused

Facebook will inform every user whose data was included in the Cambridge Analytica scandal, part of a push for transparency that CEO Mark Zuckerberg announced today. The site has found itself at the center of a privacy controversy – not to mention the #DeleteFacebook campaign – after the voter influencing firm was accused of manipulating data in favor of the Trump campaign during the 2016 US election.

In an explanation posted, unsurprisingly, on Facebook today, Zuckerberg fell short of apologizing for the company's part in the issue. However, he did outline what Facebook plans to do to address it moving forward. That includes notifying affected users, not only of this Cambridge Analytica situation, but any other that Facebook discovers.

Exactly how that process will work is unclear. Previously, Facebook has offered a tool by which its users could check if they'd ever unwittingly liked a Russian 2016 election propaganda post. After checking it, people would be told whether their account had been fooled.

At the time, though, Facebook was criticized from some quarters by people arguing the site should've gone further. Rather than expecting users to proactively visit a page and check, so the suggestion went, it ought to have reached out to those affected. That should presumably be straightforward for Facebook to do, after all.

The new policy goes beyond just Cambridge Analytica, mind. Zuckerberg says that the company plans to investigate every app "that had access to large amounts of information" before the policy change in 2014 which locked down what data third-party apps could see. Anything that shows "suspicious activity," Zuckerberg explained, would trigger an audit by the company.

For those apps and developers so identified, there'll be no way to opt out of that audit – at least, not if they want to stay on Facebook. "We will ban any developer from our platform that does not agree to a thorough audit," Zuckerberg writes. "And if we find developers that misused personally identifiable information, we will ban them and tell everyone affected by those apps."

Even if there's no visible evidence of foul play, there'll be tighter policies around data storage too. Facebook will be cutting off access to a user's data if that person hasn't interacted with an app in the past three months, for example. Apps that use Facebook to handle their sign-in process will only get the basics of the individual user: name, profile picture, and email address. Zuckerberg says there'll be more changes on that front in the coming days, too.

Of course, Facebook also has user-facing settings by which users can adjust how their information is handled, what apps can see it, and how it's used for advertising. Soon, the app permissions settings will be getting flagged up at the top of the News Feed, to encourage people to sift through them. Still, you can get a head-start on that process now.