Oops, Facebook did it again. The social network has been handing out user data to third-party developers, after explicitly promising folks it wouldn’t. In a Wednesday blog post, VP of Product Platforms Konstantinos Papamiltiadis revealed that developers are still amassing information long after access should have been cut off.
“We discovered that in some instances, apps continued to receive the data that people had previously authorized,” according to Papamiltiadis, “even if it appeared they hadn’t used the app in the last 90 days”—Facebook’s cut off for sharing information.
It’s unclear exactly how many users were affected; based on “the last several months of data,” the blog estimates “approximately 5,000 developers” have carried on collecting information—including users’ preferred language or gender—beyond three months of inactivity. “We haven’t seen evidence that this issue resulted in sharing information that was inconsistent with the permissions people gave when they logged in using Facebook,” Papamiltiadis said, suggesting that explicitly private data remains private.
Facebook is known for its butterfingers when it comes to user records. We all remember the Cambridge Analytica data scandal. Papamiltiadis, meanwhile, has already apologized twice—in December 2018 and November 2019—for similar situations in which third-party companies were given access to user data. “We fixed the issue the day after we found it,” the firm said this week, without revealing any specific dates or time periods. “We’ll keep investigating and will continue to prioritize transparency around any major updates.”
As part of that effort, Facebook on Wednesday introduced new Platform Terms and Developer Policies, shifting the blame to businesses and developers who must “clearly understand their responsibility to safeguard data and respect people’s privacy when using our platform.”