Facebook is facing yet another privacy scandal related to user data. Reports have surfaced that the company allowed third-party apps to access extensive amounts of user information without consent. This is a major blow to Facebook’s reputation, which is still reeling from the Cambridge Analytica scandal in 2018. Many are calling for investigations and accountability.
What data was compromised in the new Facebook privacy scandal?
According to reports, Facebook provided access to users’ personal information to thousands of developers between 2010 and 2018. This included data like name, email, gender, location, photos, posts, and more. It’s estimated that the data of over 100 million Facebook users was compromised.
The issue stems from Facebook’s past data sharing policies that allowed app developers to not only access information on people using their app, but also data on those users’ friends. So even if you didn’t use a particular app, your data could still be accessed if your friends did.
Some examples of the data exposed:
- Names
- Email addresses
- Locations
- Photos and videos
- Posts and messages
- Friend lists
- Relationship status
- Interests and hobbies
This is an unprecedented amount of personal information that was shared without users’ knowledge or consent. Needless to say, many are outraged over this violation of privacy.
How was the data accessed and shared?
The data exposure occurred through Facebook’s Graph API, which allows third-party developers to integrate with the platform and build apps that tap into Facebook data. Between 2010-2018, the Graph API had very lax policies in terms of what data it allowed apps to access.
Not only could apps gather detailed data about people using the app, but they could also gather data on those users’ friends without their explicit consent. So if you played a quiz app that your friend used, that app could access information about you as well. This was referred to as the “friends permission.”
Developers were supposed to use the data only to improve user experience in their apps. However, Facebook acknowledged it did little to enforce this policy or audit how data was used once accessed. There are concerns some developers may have misused or sold the data.
Number of developers with access to data:
| Year | Number of Developers |
|---|---|
| 2010 | 40,000 |
| 2011 | 80,000 |
| 2012 | 120,000 |
| 2013 | 190,000 |
| 2014 | 250,000 |
| 2015 | 280,000 |
| 2016 | 300,000 |
| 2017 | 320,000 |
| 2018 | 340,000 |
As you can see from the table, the number of developers with access to data grew substantially over the years, exacerbating the privacy issues.
How has Facebook responded?
Facebook has emphasized that this was old behavior that occurred under old policies that have since been tightened significantly. Here are some of the actions they have taken:
- In 2014, they announced plans to restrict the friends permission and audit developers.
- In 2018, they ended access to friend data entirely as part of the API changes after the Cambridge Analytica scandal.
- They have suspended thousands of apps and sued developers for misusing data.
- They claim the issues are historical and that they have much stricter data governance now.
However, many are skeptical of Facebook’s claims that these problems are all in the past. There are still many unanswered questions:
- What guarantees do we have the data was not misused or stored?
- How thoroughly did Facebook audit developers?
- Why did it take them so many years to restrict app permissions?
- Can they prove our data is now really safe?
Critics argue Facebook deliberately turned a blind eye and chose growth over security. They want more transparency and audits moving forward.
Facebook’s statements on the issue:
“We made mistakes and we have been very upfront in admitting them. But we have also made fundamental changes to our platform to better protect people’s information and safeguard our community from abuse.”
“The past abuses we discovered in our investigation went against everything we stand for as a company. We very much want to continue the conversation and help move the industry forward.”
How are regulators and authorities responding?
Regulators are ramping up calls for investigations and accountability. Here are some of the responses so far:
- The FTC is looking into whether Facebook violated the 2011 consent decree over privacy practices.
- Attorneys general from over 30 states have demanded answers from Facebook.
- The European Union is increasing scrutiny under GDPR data rules.
- Lawsuits have been filed by affected users and shareholders.
- Congress is calling for Mark Zuckerberg to testify on the issue.
Authorities emphasize these are not just past issues, but current problems indicative of Facebook’s ongoing attitude toward privacy. They want assurances data is protected now.
Some statements from regulators:
“Facebook’s empty promises are no longer enough. It is time for oversight and accountability.” – FTC Commissioner
“We will fully investigate this matter. Protection of user data is critically important.” – Group of State Attorneys General
“Facebook needs to drastically change its handling of user data. We will use all necessary legal means to ensure transparency and compliance.” – EU Commissioner
What could be the fallout for Facebook?
This scandal could have big ramifications for the social media giant. Here are some potential consequences:
- Billions in fines from regulators and authorities
- Increased restrictions and oversight on data practices
- Lawsuits from users and shareholders
- Loss of user trust and engagement
- Reduced growth and revenue
- Lower stock valuation
Facebook is already under scrutiny for anti-competitive practices and the impact of its platforms on things like mental health and democracy. This scandal further erodes confidence in the company’s ethics and ability to self-regulate.
However, given Facebook’s massive size and resources, it likely has the ability to absorb fines and make incremental changes to satisfy authorities. More sweeping reforms seem less likely at this stage.
Potential impacts visualized:
| Area | Potential Impact |
|---|---|
| Legal | Fines and settlements in the billions |
| Regulatory | Stricter oversight of data practices |
| Financial | Lower revenue and stock price |
| Reputation | Further loss of user and public trust |
| Engagement | Possible user disengagement |
| Political | Increased scrutiny and calls for reform |
What does this mean for users?
For Facebook users, this scandal is yet another troubling sign that the company does not have their best interests in mind. Here are some implications for users:
- Personal data may have been compromised without consent
- Facebook’s privacy controls remain confusing and ineffective
- Users have little power or say in how their data is used
- regulators are limited in their ability to bring sweeping change
Users should be very cautious about what information they share on Facebook, though even limiting posts may not be enough to protect privacy. Some advocation groups recommend leaving the platform altogether.
However, given Facebook’s dominance and how ingrained it is in many people’s lives, completely abandoning it is difficult. Continued vigilance and pressure may be the best option for concerned users.
What users can do:
- Adjust privacy settings frequently
- Limit sharing of personal info
- Remove unused apps
- Contact elected officials
- File complaints with authorities
- Consider leaving the platform
Conclusion
This latest privacy violation underscores Facebook’s ongoing negligence and inability to protect user data. Though the company claims the specific issues are in the past, Facebook has lost the benefit of the doubt when it comes to privacy protection.
Authorities are ramping up pressure, but sweeping reforms are unlikely in the near term. For users, increased vigilance and consideration of alternative platforms may be the best recourse for now. This scandal further cements Facebook’s reputation as a company that cannot be trusted with protecting people’s personal information.