ar130405 - Fotolia

Facebook announces more privacy control updates

Social media giant updates privacy settings and tools in response to the unfolding controversy over Cambridge Analytica’s use of Facebook data for political campaigns

In further response to the controversy surrounding Facebook’s data sharing agreement with London-based data mining firm Cambridge Analytica, the social networking giant has announced further steps to improve privacy controls.

Facebook is counting the cost of losing users’ and investors’ trust, with tens of billions of dollars wiped off the company’s value since news of the scandal broke.

In addition to the announcements by Facebook CEO and founder Mark Zuckerberg that the company will crack down on abuse of the platform, strengthen its policies and make it easier to revoke apps’ ability to use personal data, the company has announced that it is taking steps to put users more in control of their privacy.

“Last week showed how much more work we need to do to enforce our policies and help people understand how Facebook works and the choices they have over their data,” the company’s chief privacy officer Erin Egan and deputy general counsel Ashlie Beringer said in a blog post.

“We’ve heard loud and clear that privacy settings and other important tools are too hard to find and that we must do more to keep people informed,” they added.

Facebook claims most of the updates have been “in the works for some time”, adding: “Events of the past several days underscore their importance.”

According to Facebook, the settings menu on mobile devices has been redesigned to make data settings and tools easier to find, and so instead of having settings spread across nearly 20 different screens, they are now accessible from one place.

Facebook also claims to have cleaned up outdated settings, so it is clear what information can and cannot be shared with apps, and there is a new privacy shortcuts menu for controlling personal data.

The new menu enables users to:

  • Make accounts more secure by adding two-factor authentication.
  • Control personal information by being able to review and delete what has been shared.
  • Manage and control the information Facebook uses to determine what ads are shown to users.
  • Manage who sees posts and profile information.
  • Find, download and delete Facebook data using the Access Your Information option.

Acknowledging a responsibility to tell users how Facebook collects and uses personal data, the company said it plans to propose updates to Facebook’s terms of service that include the firm’s commitments to its users.

“We’ll also update our data policy to better spell out what data we collect and how we use it,” the blog post said. “These updates are about transparency – not about gaining new rights to collect, use or share data.” It added that the firm has worked with regulators, legislators and privacy experts on the tools and updates.

Julian Saunders, CEO and founder of data management company, said Facebook’s proposals to give users more control over their data should be welcomed, but should also seen in the context of the EU’s General Data Protection Regulation (GDPR). 

“You could argue that Facebook is simply doing what it is already legally obliged to do to comply with the GDPR in Europe, but it is hard to see how these changes tackle the main issue of third parties misusing personal information collected on Facebook,” he said.

Although privacy control improvements may boost consumer confidence in Facebook, Saunders is sceptical about whether the changes will tackle some of the fundamental privacy and data control problems built into Facebook’s platform. 

“Moves to improve transparency over how data is used and to increase control over personal information should always be supported,” he said. “However, we are working off a very low base. Perhaps the most interesting aspect of Facebook’s proposed privacy update is that it may make the GDPR the global standard for data privacy – which would be fantastic news for consumers.”

Read more about Facebook and privacy

Other measures Facebook has announced in the wake of the Cambridge Analytica data misuse scandal include improvements to its bug bounty program that will incentivise and reward security researchers for hunting down third-party Facebook apps that misuse user data.

Facebook’s bug bounty program will expand so that people can also report to us if they find misuses of data by app developers,” said Ime Archibong, vice-president of partnerships at Facebook, in a blog post.

“We are beginning work on this and will have more details as we finalise the program updates in the coming weeks.” 

Responding to the announcement around the bug bounty program, Ilia Kolochenko, CEO of web security firm High-Tech Bridge, said the changes represent an “exciting shift” in the bug bounty industry, which had previously focused on security vulnerabilities.

“Facebook is the first major company that is asking for researchers to identify data privacy issues,” he said. “With the GDPR coming into force in a couple of months, data privacy is now high on many organisations’ agendas.”

According to Kolochenko, Facebook has shown the impact of a data privacy breach, and this may spur other organisations to seek security researchers’ help to avoid the severe sanctions for privacy violations. “Bounty payments for privacy issues is a very good idea as companies can leverage the crowd,” he said.

Since news of the data exploitation scandal emerged, Facebook has also paused all third-party app reviews on the platform, pending changes to app permissions to prevent any type of future user data misuse.

The company has announced that any app that requests access to a user’s Facebook friends list will undergo a manual review, during which Facebook engineers will decide whether the app is entitled to request this permission from the user.

Facebook has also undertaken to investigate all apps that had access to large amounts of information before it changed its platform in 2014 to reduce data access, conduct a full audit of any app with suspicious activity, and ban developers from the Facebook platform if any of their apps misuse data.

Read more on Privacy and data protection

Data Center
Data Management