
Facebook Fails Again to Limit Access to Third-Party Data

Photo by Alastair Pike/AFP via Getty Images

The takeaways

  • Facebook provided around 5000 third-party app developers with private user data, despite an automatic setting meant to stop sharing once a user had been inactive in an app for 90 days.
  • The company’s data practices have been increasingly criticised since the Cambridge Analytica scandal two years ago, and it admitted to a similar failure in 2019.
  • The company assures consumers that the issue has been fixed and has promised transparency around its evolving data policies.

What happened?

Yesterday, Facebook admitted to providing thousands of third-party developers with non-public consumer data, despite specifically assuring users it would not do this. The company said that it failed to stop automatically updating apps with a user’s data after that user had stopped using the app in question for 90 days.

In a blog post titled “Improving Data Limits for Infrequently Used Apps,” Facebook announced that the information of an unspecified number of users was affected. Facebook estimates that approximately 5000 developers have continued to receive updated data but stated that the problem was fixed the day after discovery. The company originally set the 90-day threshold in 2018 during the Cambridge Analytica scandal that revealed the political consulting firm’s unauthorized use of up to 87 million Facebook users’ data.

What was disclosed?

According to the blog post, the disclosed user information possibly included birthdays, email addresses, language, and gender.

The author, vice president of platform partnerships Konstantinos Papamiltiadis, wrote that Facebook is “[prioritizing] transparency around any major updates,” presumably to assure consumers. Facebook has a history of third-party data breaches despite CEO Mark Zuckerberg’s 2009 declaration that the company would not sell user data for profit. Since the Cambridge Analytica revelations, Facebook admitted to another breach in late 2019.

Also announced by Papamiltiadis were new Platform Terms and Developer Policies to strengthen data security, including third-party consent and deletion requirements on Facebook’s platform. The new regulations are “to ensure businesses and developers clearly understand their responsibility to safeguard data and respect people’s privacy when using our platform.”
