Facebook reveals the steps it will take to avoid the next big data breach
After it was revealed that private data belonging to 50 million Facebook users was shared with data analytics company Cambridge Analytica, there has been much talk about what went wrong and how something similar can be avoided in the future. Mark Zuckerberg issued a non-apology, but Facebook has also indicated some of the things it will be doing in the wake of the fiasco.
Zuckerberg says that back in 2014, steps were taken to restrict the access apps have to data, and the social network also plans -- in the name of transparency -- to inform everyone who has been, or may have been, affected by the data breach. New tools are also on the way to give users greater control over apps, and to prevent abuse of Facebook and the data it holds.
In a post entitled "Cracking Down on Platform Abuse," the company starts off with a statement that many people might well disagree with: "Protecting people's information is the most important thing we do at Facebook." But in the fallout from the Cambridge Analytica breach, the company realizes that it very much failed to meet this aim and now needs to do something about it.
Although it has only just come to public attention, the issues with Cambridge Analytica have actually been rumbling away for a few years, and this has given Facebook the opportunity to take some action already to strengthen protection. But there are numerous changes coming to the way apps operate on the social network and how they can access data.
In all, Facebook sets out six steps it will take:
- Review our platform. We will investigate all apps that had access to large amounts of information before we changed our platform in 2014 to reduce data access, and we will conduct a full audit of any app with suspicious activity. If we find developers that misused personally identifiable information, we will ban them from our platform.
- Tell people about data misuse. We will tell people affected by apps that have misused their data. This includes building a way for people to know if their data might have been accessed via "thisisyourdigitallife." Moving forward, if we remove an app for misusing data, we will tell everyone who used it.
- Turn off access for unused apps. If someone hasn't used an app within the last three months, we will turn off the app's access to their information.
- Restrict Facebook Login data. We are changing Login, so that in the next version, we will reduce the data that an app can request without app review to include only name, profile photo and email address. Requesting any other data will require our approval.
- Encourage people to manage the apps they use. We already show people what apps their accounts are connected to and control what data they've permitted those apps to use. Going forward, we're going to make these choices more prominent and easier to manage.
- Reward people who find vulnerabilities. In the coming weeks we will expand Facebook's bug bounty program so that people can also report to us if they find misuses of data by app developers.
Facebook has not indicated quite when any of these measures will be implemented, but also says that "we'll be sharing details in the coming weeks about additional steps we're taking to put people more in control of their data." For now, it's a case of "watch this space."