#WheresZuck? Posting a mea culpa on Facebook after nearly five days of conspicuous silence.
In the wake of the Cambridge Analytica scandal, which broke over the weekend, Facebook CEO Mark Zuckerberg took to Facebook to explain what happened and to outline fixes.
He promised Facebook would investigate all apps that had “access to large amounts of information” before 2014, when Facebook restricted the data developers could access through its API.
Unauthorized data sharing is an intractable issue for Facebook, which hasn’t done a thorough job of monitoring what third parties do with restricted data once it leaves Facebook’s platform.
According to several sources AdExchanger spoke with, Facebook hasn’t been systematic about following up to ensure third parties handle the data they gather from Facebook properly.
Now, Zuckerberg said Facebook plans to conduct a “full audit” of any app with suspicious activity.
Aleksandr Kogan, the academic researcher at the heart of the Cambridge Analytica affair, was reportedly able to access millions of Facebook profiles over just a few weeks back in 2014, when the rules were more lax.
Kogan could do that because Facebook’s API allowed for the collection of friend-related data, which is no longer possible. This was the data he passed to Cambridge Analytica.
Developers can no longer access friend data. But this doesn’t mean apps that gathered it before the 2014 clampdown don’t still have it.
Zuckerberg wrote that any developer refusing a thorough audit will be banned, as will any developers found to have misused PII. Facebook users affected will be notified of any wrongdoing, including those affected by Kogan’s misuse.
Facebook was roundly criticized this week for failing to alert users that their data had been handed over to an unauthorized third party, despite the company knowing since 2015 that Kogan had improperly shared data with Cambridge Analytica.
Developers will also see their data access restricted even further to prevent other potential abuses. Going forward, the only data an app will get when a user signs in will be the person’s name, profile photo and email address.
And if someone hasn’t used an app in three months, Facebook will remove the developer’s access to that person’s data. Developers will also have to sign a contract before they ask users for access to posts or other private data.
Finally, Facebook has plans to roll out a tool at the top of the news feed to make it easier to revoke app permissions.
Zuckerberg vowed that there will be more changes to come over the next few days.
“Beyond the steps we had already taken in 2014, I believe these are the next steps we must take to continue to secure our platform,” he wrote. “We have a responsibility to protect your data, and if we can't then we don't deserve to serve you.”