Image copyright
Reuters
Facebook says it mistakenly allowed 5,000 developers to gather information from people’s profiles after a time limit on their rights expired.
It is assumed that applications on Facebook cannot access people’s personal data if the application has not been used for 90 days.
But Facebook said the lockout hadn’t always worked due to a flaw in how it logged inactivity.
“We solved the problem the day after we found it,” the company said.
Facebook has not indicated how many users had their personal data deleted.
The collection of personal information from Facebook users by third-party applications was at the center of the Cambridge Analytica privacy scandal that was exposed in 2018.
The Cambridge Analytica Facebook app had collected not only the data of the people who interacted with it, but also those of friends who had not given their consent. The company built a comprehensive and profitable database in the process.
- The Cambridge Analytica story
- Zuckerberg promises Facebook ‘privacy-focused’
Facebook CEO Mark Zuckerberg faced questions before the US Congress about how his company handled users’ personal information, and Facebook introduced its new policy of 90-day app locks later that day. year.
But Facebook now says that the limit did not work properly.
“Recently, we found that in some cases applications continued to receive data that people had previously authorized, even if it appeared that they had not used the application in the past 90 days,” the company said in a statement.
Policy change
Facebook gave an example of the bug in action. He said that if two Facebook friends had used an app, and only one was still using it after 90 days, the app could collect personal information from the inactive friend.
“For example, this could happen if someone were to use an exercise app to invite their friends from their hometown to a workout, but we did not recognize that some of their friends had been inactive for many months,” the company said.
In that example, a user’s hometown would be the personal information in question. Facebook cited language and gender as other examples.
The company said its estimate of 5,000 developers was only based on available data from the past few months.
But he also said that the information delivered, even if it was after the time limit, was only what users gave permission for when they signed into the app in the first place.
In the same blog post, Facebook also announced that it was changing its platform terms and developer policies “to ensure that companies and developers clearly understand their responsibility to safeguard data and respect people’s privacy.”
The faulty time limit in this announcement is the latest in a long line of privacy concerns for the social network.
In November of last year, a flaw in the Facebook Groups feature was revealed. It allowed the collection of some personal data from groups.
Figures announced in January showed Facebook’s annual earnings fell in 2019, for the first time five years, in part due to deals with regulators over privacy concerns.
