Facebook revealed Wednesday that tens of millions more people might have been exposed in the Cambridge Analytica privacy scandal than previously thought and said it will restrict the user data that outsiders can access.
In a call with reporters Wednesday, Zuckerberg acknowledged he made a “huge mistake” in failing to take a broad enough view of what Facebook’s responsibility is in the world. He said it isn’t enough for Facebook to believe app developers when they say they follow the rules. He says Facebook has to ensure they do.
Facebook is facing its worst privacy scandal in years following allegations that Cambridge Analytica, a Trump-affiliated data mining firm, used ill-gotten data from millions of users through an app to try to influence elections.
Facebook said Wednesday that as many as 87 million people might have had their data accessed an increase from the 50 million disclosed in published reports. Facebook is basing the estimate in part on the number of friends each user might have had. Cambridge Analytica said in a statement that it had data for only 30 million people.
On Monday all Facebook users will receive a notice on their Facebook feeds with a link to see what apps they use and what information they have shared with those apps. They’ll have a chance to delete apps they no longer want. Users who might have had their data shared with Cambridge Analytica will be told of that. Facebook says most of the affected users are in the U.S.
Zuckerberg said fixing the company’s problems will take years.
Besides the privacy scandal, Facebook also has been dealing with fake news, the use of Facebook to spread hate and discord and concerns about social media’s effect on people’s mental well-being.
These are “big issues” and a big shift for Facebook as it broadens its responsibility, Zuckerberg said. He added that he does think that by the end of this year the company will have “turned a corner” on a lot of the issues. Zuckerberg has made fixing the company his personal challenge for 2018.
As part of the steps it’s taking to address scrutiny about outsiders’ access to user data, Facebook outlined several changes to further tighten its policies. For one, it is restricting access that apps can have to data about users’ events, as well as information about groups such as member lists and content.
In addition, the company is also removing the option to search for users by entering a phone number or an email address. While this helped individuals find friends, Facebook says businesses that had phone or email information on customers were able to collect profile information this way. Facebook says it believes most of its 2.2 billion users had their public profile information scraped by businesses or various malicious actors through this technique at some point. Posts and other content set to be visible only to friends weren’t collected.
This comes on top of changes announced a few weeks ago. For example, Facebook has said it will remove developers’ access to people’s data if the person has not used the app in three months.
Although Facebook says the policy changes aren’t prompted by recent events or tighter privacy rules coming from the EU, it’s an opportune time. It comes as Zuckerberg is set to appear April 11 before a House committee his first testimony before Congress. Separately, the U.S. Federal Trade Commission and various authorities in Europe are investigating.
Almost always, critics say, the changes meant a move away from protecting user privacy toward pushing openness and more sharing. On the other hand, regulatory and user pressure has sometimes led Facebook to pull back on its data collection and use and to explain things in plainer language in contrast to dense legalese from many other internet companies.
The policy changes come a week after Facebook gave its privacy settings a makeover. The company tried to make it easier to navigate its complex and often confusing privacy and security settings, though the makeover didn’t change what Facebook collects and shares either.
Several users were surprised to learn recently that Facebook had been collecting information about whom they texted or called and for how long, though not the actual contents of text messages. It seemed to have been done without explicit consent, though Facebook says it collected such data only from Android users who specifically allowed it to do so for instance, by agreeing to permissions when installing Facebook.
On Wednesday, Facebook said will delete all logs after a year and in the future, the only information this tool will collect from now on is the data that it needs to operate and “not broader data such as the time of calls.”
The new policy also makes it clear that WhatsApp and Instagram are part of Facebook and that the companies share information about users. WhatsApp will still have a separate policy as well, while Facebook and Instagram share one.