CEO Mark Zuckerberg on Wednesday broke Facebook’s mysterious silence following news of several investigations into Cambridge Analytica’s access to personal data belonging to 50 million Facebook users.
Facing the wrath of everyone from U.S. and European regulators to shareholders, customers, and employees, Zuckerberg conceded that Facebook must make several changes in how it protects data if it expects to be taken seriously in the future, and it pledged to take those necessary steps.
“We have a responsibility to protect your data, and if we can’t, we don’t deserve to serve you,” he wrote in a post on his own Facebook page. “I’ve been working to understand exactly what happened and how to make sure this doesn’t happen again.”
Facebook earlier this week announced the suspension of Strategic Communication Laboratories and its Cambridge Analytica political data firm for harvesting the personal information of those 50 million Facebook users without their permission. The data gathering was accomplished by leveraging research that a former Cambridge professor, Aleksandr Kogan, had performed with Facebook’s approval.
Using his “thisisyourdigitallife” app, Kogan sent quizzes to more than 270,000 Facebook members. He then harvested personal data from millions of their friends as well. Kogan passed that information to Cambridge Analytica, which then used it to target voters during the U.S. 2016 presidential election campaign on behalf of Donald Trump.
Zuckerberg acknowledged that Kogan was given permission to conduct the quiz but added that he had violated Facebook policy by passing on the data to a third party. Zuckerberg also said that after Facebook deleted the app, Kogan, Cambridge Analytica, and Christopher Wylie — the former Cambridge Analytica employee who blew the whistle on the incident — had reneged on a certification they gave to Facebook that they would delete the millions of data records.
In a related post on Wednesday, Facebook promised to take steps to prevent any recurrence of this type of activity. The company said it would investigate all apps that have had large amounts of access to customer data, conduct full audits, and ban them if it should find violations.
It also plans to implement the following changes:
- Facebook will disclose to members if their data has been misused by an app.
- Facebook will turn off an app’s access to users who haven’t used it in more than three months.
- Facebook will restrict Facebook login data to the user’s name, profile photo, and email address.
- Facebook will encourage members to manage the apps they use.
In addition, Facebook will expand its bug bounty program, which rewards people who report security vulnerabilities or misuse of data.
Several leading House and Senate committee leaders have fired off letters to Facebook seeking answers on its data policies. Zuckerberg, Facebook COO Sheryl Sandberg and other executives have been urged to appear on Capitol Hill.
Arrangements for a staff briefing are underway, according to Frederick Hill, spokesperson for Sen. John Thune, who chairs the Commerce Committee.
Several customer and investor lawsuits related to the data controversy have already been filed against Facebook.
Maryland customer Lauren Price filed a potential class action suit against Facebook and Cambridge Analytica in the U.S. District Court in Northern California, which alleges that the failure to safeguard her private data and failure to disclose constitutes negligence and violation of California’s unfair competition law.
Facebook, Zuckerberg, and CFO David Wehner are named in Yuan v. Facebook, an investor lawsuit alleging failure to disclose.
“We are committed to vigorously enforcing our policies to protect people’s information,” said Paul Grewal, Facebook’s deputy general counsel. “We will take whatever steps are required to see that this happens.”
The UK’s Information Commissioner’s Office has been seeking a warrant to enter the offices of Cambridge Analytica, which failed to respond to an earlier request to hand over documents to that office, confirmed spokesperson Helen Booth.
Cambridge Analytica on Tuesday announced that it suspended CEO Alexander Nix, naming Alexander Tayler as interim CEO. Nix was suspended after the airing of an undercover report by Channel 4 in the UK, which included hidden camera footage of Nix making statements regarding the firm’s use of sex workers to ensnare politicians.
The company’s board ordered an independent investigation into the comments.
Mozilla has launched a petition to get Facebook to change its app permissions.
“Individuals’ security and privacy on the Internet are fundamental and must not be treated as optional,” Mozilla said in a statement provided to the E-Commerce Times by spokesperson Jenifer Boscacci. “With our petition to Facebook, we’re sending a clear message to the company: take users’ privacy more seriously.”
The Electronic Privacy Information Center has filed a Freedom of Information Request with the Federal Trade Commission, which has launched an investigation into the data disclosures to Cambridge Analytica to find out if Facebook complied with a 2012 consent order that required it to report to the commission on whether it was maintaining proper privacy controls over data.
EPIC and other privacy groups had filed a complaint with the FTC over a previous data leak, which led to an agreement that compelled Facebook to maintain tight controls over third-party data disclosures.
Following Zuckerberg’s public comments, EPIC Executive Director Marc Rotenberg told the E-Commerce Times that “it’s no longer for Facebook to decide what happens next.”