5000 apps received user data: Facebook violates its own requirements

In 2018, the Cambridge Analytica scandal revealed that Facebook was disclosing user information without authorization. The online network then committed itself to data protection – and now claims to violate the self-imposed conditions.

Facebook has violated a voluntary commitment to no longer give data to apps that have not been used for more than 90 days. The network admitted this on Wednesday (local time) in a blog entry. After the Cambridge Analytica scandal, this rule was laid down in 2018. However, it has recently been noticed that in some cases apps continue to receive the data if the app has not been used in the past 90 days. It was the data that had previously been released by the users.

As an example, Facebook cited a fitness app that a user uses to invite his friends from his hometown to a workout. Facebook did not recognize that some of his friends had been inactive for many months and should not have received the notification.

"Will investigate further the problem"

"Based on the data from the past few months that are available to us, we currently assume that this problem enabled around 5000 developers to receive information – for example on language or gender – even after 90 days of inactivity," says the Blog entry next. However, no evidence was seen that information was exchanged that did not match the permissions granted to people when they logged in on Facebook.

Facebook said it closed the gap immediately. "We will continue to investigate the issue and continue to prioritize transparency for major updates."

In the Cambridge Analytica scandal, the developer of a survey app illegally passed information from Facebook users on to Cambridge Analytica, which later worked for the campaign team of the later US President Donald Trump, among others. It was not just about the data of around 300,000 survey participants, but also about their Facebook friends.

. (tagsToTranslate) economy (t) Facebook (t) data protection