Facebook founder Mark Zuckerberg has admitted the giant social network “made mistakes” over the Cambridge Analytica scandal and a “breach of trust” had occurred between it and its users.
The CEO’s statement follows allegations that 50 million Facebook users’ private information was misused by the political consultancy firm.
Mr Zuckerberg pledged to introduce a series of changes.
These would make it far harder for apps to “harvest” user information, he said.
A breach of trust between app creator Aleksandr Kogan, Cambridge Analytica and Facebook had occurred, Mr Zuckerberg said in a statement on his Facebook page – his first public comments since the scandal broke.
But he added it was also a breach of trust “between Facebook and the people who share their data with us”.
He continued: “We have a responsibility to protect your data, and if we can’t then we don’t deserve to serve you.
“I started Facebook, and at the end of the day I’m responsible for what happens on our platform.”
Earlier Mr Kogan, the Cambridge University academic who created the app that harvested data from 50 million Facebook users – mostly in the US – said Cambridge Analytica and the social media firm have made him a “scapegoat”.
He insisted he did not know his work for Cambridge Analytica in 2014 violated Facebook’s policies.
What has Zuckerberg pledged to do?
To address current and past problems, Mr Zuckerberg said Facebook would:
- investigate all apps that had access to large amounts of information before the platform was changed “to dramatically reduce data access” in 2014
- conduct a full audit of any app with suspicious activity
- ban any developer that did not agree to a thorough audit
- ban developers that had misused personally identifiable information, and “tell everyone affected by those apps”
In future, he said Facebook would:
- restrict developers’ data access “even further” to prevent other kinds of abuse
- remove developers’ access to a user’s data if the user hadn’t activated the developer’s app for three months
- reduce the data that users give an app when they sign in to just name, profile photo, and email address
- require developers to obtain approval and also sign a contract in order to ask anyone for access to their posts or other private data
Mr Zuckerberg added: “While this specific issue involving Cambridge Analytica should no longer happen with new apps today, that doesn’t change what happened in the past.
“We will learn from this experience to secure our platform further and make our community safer for everyone going forward.”
Analysis by Dave Lee, BBC North America technology reporter, at Facebook’s headquarters
I read one thing loud and clear from this statement: Facebook is not prepared to take the blame for what has happened.
Contrition has never been Mr Zuckerberg’s strong point, and this statement, days in the making, is no different.
No apology to users, investors or staff over how this incident was allowed to happen by the data policies in place at the time.
No explanation as to why, after learning its data was being abused like this in 2014, it opted to give the companies a telling off instead of banning them outright.
No reasoning as to why Facebook failed to inform users their data may have been affected. Technically, it still hasn’t.
Mr Zuckerberg’s words were not an explanation, but a legal and political defence. This company knows it is heading into battle on multiple fronts.
Follow Dave Lee on Twitter @DaveLeeBBC
How do I protect my Facebook account?
- Log in to Facebook and visit the App setting page
- Click edit button under Apps, Websites and Plugins
This will mean that you won’t be able to use third-party sites on Facebook and if that is is a step too far, there is a way of limiting the personal information accessible by apps while still using them:
- Log into Facebook’s App settings page
- Unclick every category you don’t want the app to access, which includes bio, birthday, family, religious views, if you are online, posts on your timeline, activities and interests
There are some other pieces of advice too.
“Never click on a ‘like’ button on a product service page and if you want to play these games and quizzes, don’t log in through Facebook but go directly to the site,” said Paul Bernal, a lecturer in Information Technology, Intellectual Property and Media Law in the University of East Anglia School of Law.