Security

Facebook's Zuckerberg: Here's how we'll fix our massive data privacy problems

The firm has faced backlash following revelations that data from 87 million users was shared with research firm Cambridge Analytica.

Building a slide deck, pitch, or presentation? Here are the big takeaways:
  • Facebook has updated its data practices to deprecate certain APIs, eliminate access to certain features like Search, and change how it collects data.
  • The changes in Facebook's data collection policies follow revelations that user data on 87 million individuals was collected by Cambridge Analytica.

Facebook has made some serious changes to its data collection practices, noted in a Wednesday blog post, following controversial revelations that data from 87 million users was collected by Cambridge Analytica.

CEO Mark Zuckerberg addressed the changes and controversy in a press call Wednesday, stating that the firm was aggressively fighting the misuse of data, using artificial intelligence (AI) to fight online trolls and more. He also noted on the call that Facebook will have 20,000 employees working on security by the end of the year.

Some of the biggest issues facing Facebook, Zuckerberg said, were questions such as can the firm get its systems under control and can it make sure that the systems aren't being used to undermine democracy. To address those issues, Facebook is changing its approach to data across the platform.

SEE: Information security policy (Tech Pro Research)

According to the blog post, the following changes will take place:

  • The Events API can no longer access the guest list or wall posts, and only apps that meet "strict requirements" will be able to use the API in the future.
  • Any third party app wanting to use the Groups API will need approval from Facebook and a group admin. Personal data from members will be removed, and apps won't be able to access the member list.
  • Any future access to the Pages API will need Facebook approval.
  • Any apps that request access to personal user information (check-ins, likes, photos, posts, etc.) will need Facebook approval, and the review process is getting more complex. Apps can't ask for personal data (political views, relationship status, etc.) anymore and developers can no longer request data that people had shared with them if they haven't used the app in three months.
  • The Instagram Platform API has been deprecated.
  • Facebook has eliminated the ability to search for a user by a person's phone number or email address and has made changes to account recovery to fight data scraping.
  • Facebook collects call and text history as an opt-in feature and will delete logs older than one year. In the future, only needed information will be uploaded to servers.
  • Partner Categories, "a product that lets third-party data providers offer their targeting directly on Facebook," has been shut down.
  • Starting April 9, a new feature will appear in users' News Feeds that shows users what apps they're using and what data they have shared with the apps. There they'll be able to remove the apps as well.

When asked by a reporter from Axios why users should trust him to give an accurate picture of Facebook's current state, Zuckerberg said that security was an "arms race" that could never be fully accomplished. He also said that he's "confident" they'll find more more content, over time, that's against policy.

As regulations like the European General Data Protection Regulation (GDPR) take center stage, Zuckerberg addressed Facebook's view on GDPR by saying that he saw the regulations as "positive." As noted in a recent Reuters report, Facebook likely won't implement GDPR controls as standard around the world, but Zuckerberg did say all the controls for Europe will be extended as an option everywhere.

In terms of personal data that Facebook has on users, Zuckerberg said it's because "you chose to share it." He also said that Facebook has never sold user data to advertisers.

SEE: A winning strategy for cybersecurity (ZDNet special report) | Download the report as a PDF (TechRepublic)

Facebook has received backlash from users, but also from other tech companies (mostly Apple) following the Cambridge Analytica revelations. At a recent China Development Forum, Apple CEO Tim Cook went as far as to say: "The ability of anyone to know what you've been browsing about for years, who your contacts are, who their contacts are, things you like and dislike and every intimate detail of your life—from my own point of view, it shouldn't exist."

Google has also upped its transparency regarding personal data, offering an easy-to-find privacy dashboard where users can see what data is collected on them and make changes.

Update: Cambridge Analytica provided the following statement:

Today Facebook reported that information for up to 87 million people may have been improperly obtained by research company GSR. Cambridge Analytica licensed data for no more than 30 million people from GSR, as is clearly stated in our contract with the research company. We did not receive more data than this.

We did not use any GSR data in the work we did in the 2016 US presidential election.

Our contract with GSR stated that all data must be obtained legally, and this contract is now a matter of public record. We took legal action against GSR when we found out they had breached this contract.

When Facebook contacted us to let us know the data had been improperly obtained, we immediately deleted the raw data from our file server, and began the process of searching for and removing any of its derivatives in our system.

When Facebook sought further assurances a year ago, we carried out an internal audit to make sure that all the data, all derivatives, and all backups had been deleted, and gave Facebook a certificate to this effect.

We are now undertaking an independent third-party audit to demonstrate that no GSR data remains in our systems.

Also see

facebook.jpg

Privacy messages users may see from Facebook.

Image: Facebook

About Conner Forrest

Conner Forrest is a Senior Editor for TechRepublic. He covers enterprise technology and is interested in the convergence of tech and culture.

Editor's Picks

Free Newsletters, In your Inbox