Facebook founder Mark Zuckerberg is admitting his platform failed to protect the data of its users and is planning to audit all apps that "had access to large amounts of information" before 2014.
His comments come while the social media platform is under a siege of criticism over a data information scandal involving the technology firm, Cambridge Analytica, that was recruited to work on the Donald Trump campaign and had also hoped to work on the Brexit campaign in the United Kingdom. The scandal has resulted in Facebook's stock plummeting, losing eight per cent of its value or $35 billion since the beginning of the week.
"I've been working to understand exactly what happened and how to make sure this doesn't happen again," he said in a message posted on his Facebook page, his first major public comment since the scandal was reported over the weekend by the Guardian in the UK and the New York Times. "The good news is that the most important actions to prevent this from happening again today we have already taken years ago. But we also made mistakes, there's more to do, and we need to step up and do it."
The company had previously denied that there was any breach of Facebook data, but Zuckerberg was singing a different tune in his statement on Wednesday as he outlined what was uncovered in the media reports about a Cambridge University researcher, Aleksandr Kogan, who gathered the Facebook user data through a personality quiz app. The tactics were uncovered by media outlets after a Canadian whistleblower who worked on the strategy, Christopher Wylie, came forward to reveal what they had done.
"This was a breach of trust between Kogan, Cambridge Analytica and Facebook," Zuckerberg said in his statement. "But it was also a breach of trust between Facebook and the people who share their data with us and expect us to protect it. We need to fix that."
Zuckerberg said Facebook had implemented restrictions in 2014 when it started cracking down on developers using apps, but he also confirmed new measures, including the audit, that would extend to any app with suspicious activity.
"We will ban any developer from our platform that does not agree to a thorough audit," he said. "And if we find developers that misused personally identifiable information, we will ban them and tell everyone affected by those apps. That includes people whose data Kogan misused here as well."
He also said that Facebook would restrict developers' access "even further" to prevent other types of abuse. This could include removing access to data from any app that has not been used by someone for three months.
"We will reduce the data you give an app when you sign in -- to only your name, profile photo, and email address," Zuckerberg continued in the message. "We'll require developers to not only get approval but also sign a contract in order to ask anyone for access to their posts or other private data. And we'll have more changes to share in the next few days."
He also said that Facebook would introduce a new tool at the top of a user's news feed to list all of the apps a person has used, giving a new and simpler option to remove permissions or access to data.
"I started Facebook, and at the end of the day I'm responsible for what happens on our platform," Zuckerberg said. "I'm serious about doing what it takes to protect our community. While this specific issue involving Cambridge Analytica should no longer happen with new apps today, that doesn't change what happened in the past. We will learn from this experience to secure our platform further and make our community safer for everyone going forward."
"I want to thank all of you who continue to believe in our mission and work to build this community together. I know it takes longer to fix all these issues than we'd like, but I promise you we'll work through this and build a better service over the long term."
Editor's note: This article was updated at 5:45 p.m. ET on March 21 to clarify that Cambridge Analytica says it didn't work on the Brexit campaign.
Comments
I tried to read Zuckerberg's apology but to see it all I was asked to sign into Facebook which I will never do. So nothing has really changed. I did ask for my account to be deleted months ago and it is one of the more complex processes I have ever been through and that apparently is not changing despite all the apologies and changes that Facebook is promising. Also letting the data of 50 million Americans go wandering deserves a great deal more than a reluctant apology delivered late and with no promise to change anything substantial about the data collection process. What needs to happen is that our data is not shared unless we explicitly agree in response to a clearly worded statement about how our data will be used and not lost in legalese when we sign on. If we don't want our data to be shared that should not bar us from using the site. Finally, since Mark makes so much money off our data he really should pay us for it. That is something we really need to address.