Amid global uproar over data breach from its platform, social networking giant Facebook is tweaking its usage policy for third party apps, including login process, to ensure that they have only limited access to user information. Facebook, which has over two billion users globally, including over 200 million from India, has been in the eye of the storm over harvesting of data of millions of users by Cambridge Analytica that is linked to Donald Trump’s 2016 presidential campaign.
Yesterday, Facebook CEO Mark Zuckerberg admitted to making “mistakes” and said he was “happy” to answer questions about the scandal before the US Congress even as India launched an offensive against the company over the scandal. “…we’ve seen abuse of our platform and the misuse of people’s data, and we know we need to do more. We have a responsibility to everyone who uses Facebook to make sure their privacy is protected,” Facebook said in a blogpost. It vowed to set a “higher standard for how developers build on Facebook, what people should expect from them, and, most importantly, from us”.
The data scandal erupted after a whistleblower revealed that Cambridge Analytica, a data firm with ties to Trump’s 2016 campaign, accessed personal data from 50 million Facebook users without their knowledge, and might have kept that data even after Facebook told the company to delete it.
Cambridge Analytica (CA) had created psychological profiles on 50 million Facebook users via a personality prediction app, created by a researcher named Aleksandr Kogan. In the post, the US-based firm said it will investigate all apps that had access to large amounts of information before it changed its platform in 2014 to reduce data access, and will conduct a full audit of any app with suspicious activity.
“If we find developers that misused personally identifiable information, we will ban them from our platform… Moving forward, if we remove an app for misusing data, we will tell everyone who used it,” it added. Facebook said it is changing the login process in a way that will reduce the data that an app can seek.
“We are changing Login, so that in the next version, we will reduce the data that an app can request without app review to include only name, profile photo and email address. Requesting any other data will require our approval,” the post said. Besides, it will expand its bug bounty programme, so that people can report misuses of data by app developers.
The company said some of these updates were already in the works, while others are related to new data protection laws coming into effect in the EU. “This week’s events have accelerated our efforts, and these changes will be the first of many we plan to roll out to protect people’s information and make our platform safer,” it said.