Facebook founder Mark Zuckerberg has admitted that the social network “made mistakes” that led to millions of Facebook users having their data exploited by a political consultancy.
Cambridge Analytica is accused of improperly using the data on behalf of political clients.
In a statement, Mr Zuckerberg said a “breach of trust” had occurred.
In a later interview with CNN he said he was “really sorry”, and pledged to take action against “rogue apps”.
He added that he was “happy” to testify before Congress “if it’s the right thing to do”.
In his statement posted on Facebook, he promised to make it far harder for apps to “harvest” user information.
“We have a responsibility to protect your data, and if we can’t then we don’t deserve to serve you,” Mr Zuckerberg said.
What has Zuckerberg pledged to do?
To address current and past problems, Mr Zuckerberg said his company would:
- investigate all Facebook apps that had access to large amounts of information before the platform was changed “to dramatically reduce data access” in 2014
- conduct a “full forensic audit” of any app with suspicious activity
- ban any developer that did not agree to a thorough audit
- ban developers that had misused personally identifiable information, and “tell everyone affected by those apps”
In future, he said Facebook would:
- restrict developers’ data access “even further” to prevent other kinds of abuse
- remove developers’ access to a user’s data if the user hadn’t activated the developer’s app for three months
- reduce the data that users give an app when they sign in to just name, profile photo, and email address
- require developers to obtain approval and also sign a contract in order to ask anyone for access to their posts or other private data
Mr Zuckerberg added: “While this specific issue involving Cambridge Analytica should no longer happen with new apps today, that doesn’t change what happened in the past.
“We will learn from this experience to secure our platform further and make our community safer for everyone going forward.”
Analysis by Dave Lee, BBC North America technology reporter, at Facebook’s headquarters
I read one thing loud and clear from Mr Zuckerberg’s initial statement: Facebook is not prepared to take the blame for what has happened.
Contrition has never been Mr Zuckerberg’s strong point, and the statement, days in the making, was no different.
No apology to users, investors or staff over how this incident was allowed to happen by the data policies in place at the time.
No explanation as to why, after learning its data was being abused like this in 2014, it opted to give the companies a telling off instead of banning them outright.
No reasoning as to why Facebook failed to inform users their data may have been affected. Technically, it still hasn’t.
Mr Zuckerberg’s words were not an explanation, but a legal and political defence. This company knows it is heading into battle on multiple fronts.