Facebook CEO Mark Zuckerberg finally broke his silence on the enveloping data scandal affecting the company following the revelations that data analytics and political consulting firm Cambridge Analytica had harvested users' profile data in the run-up to the US election.
For context: In 2014 a psychologist named Aleksandr Kogan advertised a paid personality quiz on Mechanical Turk and Qualtrics through an app called thisismydigitallife.
This requested permission for access to the quiz taker’s Facebook profiles, as well as their friends’ profiles, meaning the roughly 320,000 people who took the test also opened up access to 160 other people’s profiles – without their consent. Facebook later said that Kogan claimed to be collecting the data for academic reasons.
Writing on Facebook, naturally, Zuckerberg outlined the timeline of events leading up to the Cambridge Analytica scandal.
"In 2014, to prevent abusive apps, we announced that we were changing the entire platform to dramatically limit the data apps could access," he wrote. "Most importantly, apps like Kogan's could no longer ask for data about a person's friends unless their friends had also authorized the app. We also required developers to get approval from us before they could request any sensitive data from people. These actions would prevent any app like Kogan's from being able to access so much data today."
Zuckerberg goes on to identify three key steps the company is taking to ensure this doesn't happen again, and they all hinge on developer's access to user data.
Firstly, Zuckerberg was keen to state that the developer privileges which allowed for the sort of data sharing which led to Cambridge Analytica harvesting 50 million Facebook profiles via a personality test back in 2014, had already been revoked.
"In this case, we already took the most important steps a few years ago in 2014 to prevent bad actors from accessing people's information in this way," he wrote about changes to its Graph API.
He then outlined three new steps the company is taking to avoid this sort of situation in the future, and the second point has severe consequences for anyone developing apps for Facebook.
"We will restrict developers' data access even further to prevent other kinds of abuse," he wrote. "For example, we will remove developers' access to your data if you haven't used their app in 3 months.
"We will reduce the data you give an app when you sign in -- to only your name, profile photo, and email address. We'll require developers to not only get approval but also sign a contract in order to ask anyone for access to their posts or other private data."
Zuckerberg also promised, "more changes to share in the next few days".
Facebook is also conducting a full audit of any app with suspicious activity and "will ban any developer from our platform that does not agree to a thorough audit. And if we find developers that misused personally identifiable information, we will ban them and tell everyone affected by those apps".
His last action point is more aimed at users than developers, in that Facebook wants to "make sure you understand which apps you've allowed to access your data".
As a result, the company will be launching a tool and placing it at the top of News Feeds to show the apps users have given data privileges to and an easy way to revoke those apps' permissions.
This tool already existed but was buried in your privacy settings.