In the wake of the Cambridge Analytica scandal, Facebook has announced additional limits that it will place on applications that access its account. First, developers will receive less information, they will be cut off when people stop using their application, and they will have to obtain Facebook approval to access more detailed information.
By default, developers who use Facebook Login will now receive only the user name, profile photo and email address when someone logs in via Facebook. More information, such as your Facebook posts, will require the developer to receive permission from Facebook. It is not clear how strong this process will be (they will have to "sign a contract"), and it is not clear if Facebook intends to perform audits to ensure compliance with the privacy measures, since it did not achieve this in the situation of Cambridge Analytica – but it is a start to prevent user data from spreading unnecessarily.
Cut the access help. As for signing a contract …
In addition, Facebook will now cut the access of applications to the data of an account when that person has not used the application for three months. This is a useful change from a user's perspective, as many people have realized in recent days that they have allowed hundreds, if not thousands, of applications to remain connected to their Facebook accounts, which could allow the data collection.
The changes were announced in a Facebook post today by Mark Zuckerberg, who has so far remained silent about the data scandal. His publication also describes additional steps that Facebook plans to take to ensure that users are aware of what is happening with their data. Within the next month, Facebook will place a tool on top of the News Feed that gives people a way to disable applications. The company also plans to "investigate all applications that had access to large quantities" in the past, to ensure that nothing was abused, and to inform users if it was discovered that their data was not handled correctly.
To do that, Facebook says it will look for "suspicious activity" among the companies it investigates and "perform a full audit" of them; If they reject the audit, they will be excluded from Facebook. Developers who misused the "personally identifiable information" will also be prohibited. The research applies to developers who were on the platform during or before 2014, when Facebook made a change that limited the amount of data they had access to. At that time, developers could access the data of a user's friends, even if their friends had not granted access to the application. This is how Cambridge Analytica was able to obtain information on 50 million accounts, despite starting with less than 300,000 users.
Facebook also intends to expand its bug rewards program to include the misuse of data in third-party applications, which is not something typically found in these types of programs.
Facebook says that additional changes will be announced in the "next few weeks", and that it intends to accelerate other data protection efforts that it was already working on. Some of them, he says, were in response to the upcoming data protection rules in the European Union.