Facebook API changes in the aftermath of the Cambridge Analytica Crisis

by eightandfour

Following their announcement at the end of March about cutting access to third party data for ad targeting, Facebook is now changing the way they are handling users’ data.

 

Facebook cuts off data brokers                   

On March 28th, Facebook announced that that they will terminate their Partner Categories feature, which was launched in 2013 as an endeavour to break down its userbase into relevant segments for Advertisers. This decision was part of a wider effort by the company to clear up its data practice given heavy criticism from its users, investors and advertisers, in the wake of the Cambridge Analytica privacy scandal.

In order to leverage the deep pool of data Facebook gathers on users, the company mixes information provided by users themselves with information gained from advertisers and with data obtained from third party data aggregators.

While Facebook stands behind the integrity of its data sourcing within the first two categories, the company is concerned about its relationship with these third-party data providers, companies such as Acxiom, Experian, Oracle Data Cloud, TransUnion and WPP PLC.

Changes in the way data is handled

 On April 4th Facebook released a lengthy statement detailing the changes that will be made to the myriad APIs it provides to other companies, in an effort to prevent breaches of trust happening again in the future. The update came only 6 days after the Partner Categories dissolution announcement and it has been the largest set of changes to the platform’s terms of service in recent years.

 

Here are the updates:

 Facebook logins

Facebook is restricting the information apps that use the platform as a way of logging in access, including check-ins, photos, posts, likes, videos, events you’re attending, and groups you are part of. Facebook will now ask those apps to ‘agree to strict requirements’ prior to accessing data in the future. Companies that fail to adhere to these new ‘strict requirements’ will be banned from Facebook.

Search Data

Mike Schroepfer, Chief Technology Officer at Facebook, said in his update that ‘most people on Facebook’ could have had any public information on their profile collected by data companies. Such data includes phone numbers, which would immediately make someone’s profile pop up in the searches if public. This feature was ultimately switched off by Facebook.

 Call history

This change concerns Android users who preferred to use Facebook Messenger or Facebook Lite on their phones, allowing Facebook to login calls and text history. The company is now going to proceed deleting logs older than a year.

Prior breaches

On Monday, April 9, Facebook started to place a banner at the top of users’ News Feed if it considered they were one of the 87 million people whose data was shared with Cambridge Analytica.

 Facebook pages

Apps that used to manage Facebook pages were able to read posts and comments on the page, but also could “access more data than necessary,” according to Schroepfer. Although fairly unclear what that data was, apps will no longer have access to it. “All future access to the Pages API will need to be approved by Facebook,” Schroepfer added.

Events

Previously, apps linked to Facebook had visibility to who was attending the events they hosted or attended, regardless of whether they were private or not. These apps will no longer be able to check an event’s guest list or see post on its wall.

Groups

Apps currently need permission from a member to access information in groups, and from an administrator to access information in secret groups. Previous to the new updates released by Facebook that included things like people’s names, profile pictures, posts and comments. Moving forward, all apps will require approval for access, and they will no longer be able to access users’ personal information.

 

Following the Cambridge Analytica scandal and ahead of the looming arrival of General Data Protection Regulation (GDPR) Facebook is under high scrutiny from regulators and legislators around the world. While these changes are a promise to Facebook’s users that they have full control over their data protection, they represent a serious challenge for advertisers and Facebook’s strategic partners.