In the midst of revelations of a major data breach, Facebook CEO Mark Zuckerberg on Wednesday admitted that his company made mistakes on user data secrecy and vowed to take steps to prevent the misuse or breach of personal data of users by developers or business partners.
Zuckerberg, 33, through a lengthy Facebook post, broke his silence over the alleged privacy scandal that hit the social media giant.
“I started Facebook, and at the end of the day, I’m responsible for what happens on our platform. I’m serious about doing what it takes to protect our community,” Zuckerberg said.
Reports alleged that personal data from as many as 50 million people might have been used improperly in Donald Trump’s 2016 presidential campaign by Cambridge Analytica, a UK-based political research firm.
Zuckerberg said, Facebook has a “responsibility” to protect its users’ data and if it fails, “we don’t deserve to serve you.”
He acknowledged that there is more the company needs to do.
“…But we also made mistakes, there’s more to do, and we need to step up and do it,” he said.
Over the past several days, Facebook has been facing an investigation by the Federal Trade Commission and calls for legislative testimonies in the US and Europe.
India’s Information Technology and Law Minister Ravi Shankar Prasad has warned social media companies such as Facebook of stringent actions if there was any attempt to influence the electoral process of any country.
Amidst a global outrage against Facebook, the Silicon Valley-based company, which currently has 2 billion monthly active users, has suffered a loss of USD 50 billion in market value.
In a damage control mode, Zuckerberg announced a slew of measures aimed to “secure our platform further and make our community safer for everyone going forward”.
For this, the Facebook founder said, his company will take three steps to prevent the data misuse.
“We will investigate all apps that had access to large amounts of information before we changed our platform to dramatically reduce data access in 2014, and we will conduct a full audit of any app with suspicious activity,” he said.
“We will ban any developer from our platform that does not agree to a thorough audit. And if we find developers that misused personally identifiable information, we will ban them and tell everyone affected by those apps,” he added.
Zuckerberg said that the second step is to restrict developers’ data access even further to prevent other kinds of abuse.
He cited an example for this: “It (Facebook) will remove developers’ access to one’s data if the app hasn’t been used by the person in three months.”
“We will reduce the data you give an app when you sign in — to only your name, profile photo, and email address. We’ll require developers to not only get approval but also sign a contract in order to ask anyone for access to their posts or other private data. And we’ll have more changes to share in the next few days,” Zuckerberg said.
In the last of the three steps, he said in April Facebook will show everyone a tool at the top of their News Feed with the apps they have used and an easy way to revoke those apps’ permissions to their data.
“We already have a tool to do this in your privacy settings, and now we will put this tool at the top of your News Feed to make sure everyone sees it,” Zuckerberg said. Zuckerberg said that his company had already taken a series of steps in 2014.
Giving a timeline of the events, Zuckerberg said in 2013, a Cambridge University researcher named Aleksandr Kogan created a personality quiz app. It was installed by around 300,000 people who shared their data as well as some of their friends’ data. Given the way Facebook platform worked at the time, this meant Kogan was able to access tens of millions of their friends’ data, he said.
Zuckerberg said in order to prevent the “abusive apps”, a series of measures were taken in 2014 to dramatically limit the data apps could access.
In 2015, Facebook learned from journalists at The Guardian that Kogan had shared data from his app with Cambridge Analytica. It is against Facebook’s policies for developers to share data without people’s consent, he said, adding that he immediately banned Kogan’s app from Facebook, and demanded that Kogan and Cambridge Analytica formally certify that they had deleted all improperly acquired data. They provided these certifications.
Zuckerberg cited some media reports that suggested Cambridge may not have deleted the data as they had certified. This, according to him, was not only a breach of trust between Kogan, Cambridge and Facebook but also between his company and its users.
“But it was also a breach of trust between Facebook and the people who share their data with us and expect us to protect it. We need to fix that,” he said.
“In this case, we already took the most important steps a few years ago in 2014 to prevent bad actors from accessing people’s information in this way. But there’s more we need to do,” Zuckerberg said.