Facebook makes its data policy clearer as the Cambridge Analytica scandal continues to roll on.
The repercussions of the Cambridge Analytica scandal continue to be felt around the world, and Facebook is taking a hard look at its own policies and privacy protocols. As the amount of compromised users in the aforementioned scandal swells to 87m, the social network is overhauling its tools.
Facebook CTO Mike Schroepfer said: “We expect to make more changes over the coming months, and will keep you updated on our progress.”
The main changes
Prior to the new changes, users could grant an app permission to get information about events they attend or host, including private events. This helped with adding Facebook events to calendars, ticketing apps and other services. Events also have information about other people’s attendance and wall posts. Now, apps using the Events API can no longer access the guest list or wall posts on the event page. Schroepfer also said only approved apps that agree to strict requirements will be permitted to use this API in future.
From now on, all third-party apps using the Groups API will need approval from Facebook and a group admin before they can access content for closed or secret groups. Apps will no longer have access to the member list of the group, and personal information such as names and profile photos attached to posts or comments in groups that apps can access will be removed.
Until these new changes, any app could use the Pages API to read comments or posts from any page, allowing developers to build tools for page owners to help schedule posts or reply to comments. Schroepfer said: “It also let apps access more data than necessary. We want to make sure page information is only available to apps providing useful services to our community. So, starting today, all future access to the Pages API will need to be approved by Facebook.”
Facebook will now need to approve all apps that request access to information such as check-ins, likes, posts, events and groups. It will now require apps to agree to stringent requirements before they can access this data. Apps will no longer be allowed to ask for access to personal details such as religious or political views, relationship status, education history, fitness activity and other personal information. In the next week, developers will no longer be able to request data shared with them by users if it appears they have not used an app in the last three months.
Instagram platform API
The recently announced deprecation of the Instagram API is now in force, as opposed to the original July and December 2018 dates earmarked for these changes to come into effect. Features that are now disabled include the APIs for follower lists, relationships and commenting on public content.
Search and account recovery
Users will no longer be able to input an email address or phone number into Facebook search to find a person’s profile. Schroepfer said that although many people have found the feature helpful, the scale of its use by bad actors means it needs to be disabled. Account recovery changes will also reduce the risk of profile scraping.
Call and text history
Call and text history is part of an opt-in feature for people using Messenger or Facebook Lite on Android. Facebook does not collect the content of these messages and now will delete all logs older than a year. In future, the client will only upload minimal information required to run the feature to Facebook’s servers.
Data providers and Partner Categories
Facebook announced it would be shutting down the Partner Categories product last week.
From 9 April, a link will appear at the top of a user’s feed so they can examine the apps they use and the information they have shared with them.
Updates to terms of service
Vice-president and chief privacy officer Erin Egan, and vice-president and deputy general counsel Ashlie Beringer also announced some clarifications to the company’s terms of service. These include details on how Facebook investigates suspicious activity on the platform, specific information on data collected from user devices and a better explanation of the other companies in the data policies of the Facebook family – Oculus, WhatsApp, Messenger, Instagram and Facebook itself.