Facebook and privacy just don’t go together, as has been proven by the countless occasions where the platform has slipped up. However, the latest debacle, where the company let 5,000 app developers siphon off data of inactive users way past the 90 months expiration date, will take the cake for being the most threatening display of negligence, at least for this week.
However, we still have 3 days left, so who can be sure?
Cambridge Analytica, and the uproar it caused, was a wake up call for the company. It had 2 choices. It could have either lost all its goodwill in the market, with bad faith slowly turning the platform into history, or it could tweak its privacy settings. It’s fair to say, making the choice wasn’t that hard, and in 2018, Facebook brought a change to how it handles data of inactive users.
The company said that after a 3 month period, users who have been absent from the platform will have their data become off limits to app developers. The developers could no longer access said data, unless the user comes back to the platform and gives the permission to do so, once again. However, as it turns out, the company did not actually follow through as rigorously as it should have, and now, user data is in jeopardy, once again.
The way this latest loophole was exploited is almost too reckless. While the company made sure that no user data was sent to developers directly, the indirect channels were not plugged off. While inactive user data was not allowed to slip every time, it happened at various other instances, which were not a part of the direct sending of data. “For example, this could happen if someone used a fitness app to invite their friends from their hometown to a workout, but we didn’t recognize that some of their friends had been inactive for many months,” Facebook said in its blog post.
The company tried to defend itself by saying that it “hasn’t seen evidence that this issue resulted in sharing information that was inconsistent with the permissions people gave when they logged in using Facebook,” but the question lingers: ‘Is that enough?’
The company added that it has now fixed the issue, which according to its estimates, this issue enabled approximately 5,000 developers to continue receiving information including language or gender.
Facebook has added the opportunity for developers to access some parts of a user’s profile, so that they can log into the app with just a single tap, a feature many of us love. This subset of a profile, can give developers access to email, user likes, gender, location, birthday, age range, and other crucial data that needs to be handled responsibly.
The company also said that it was introducing new Platform Terms and Developer Policies to “ensure businesses and developers clearly understand their responsibility to safeguard data and respect people’s privacy when using our platform.”
These new terms would effectively limit the amount of information developers can share with third parties without explicit consent from people. “They also strengthen data security requirements and clarify when developers must delete data,” the company added.