Facebook has revealed it has found new "shortcomings" in its data protection systems within the past month and announced new privacy standards after settling a $5bn (£4bn) fine with the US competition watchdog.
Today the Federal Trade Commission confirmed the fine, which had been expected since April, over the way tens of millions of users’ data was harvested by Cambridge Analytica to help Donald Trump’s 2016 election campaign.
Outlining its case against Facebook today, the FTC sharply criticised the social media giant's "deceptive" privacy settings and for "unreasonable" conduct regarding its relationship with third-party app developers. The FTC said Facebook was influenced by "financial benefit" that app developers provided, include those who violated their terms and conditions.
As part of Facebook’s settlement with the FTC, it has agreed a "comprehensive new framework for protecting people’s privacy".
As part of the framework, founder and chief executive Mark Zuckerberg will have to personally sign detailed quarterly reports to verify Facebook’s legal compliance.
Facebook is also going to submit independent privacy assessment to the FTC and institute a board committee dedicated to privacy.
However, there is no mention of when Facebook’s leadership knew that an app developer had transferred data to Cambridge Analytica in violation of its policies.
Christopher Wylie, the Cambridge Analytica whistleblower, told Campaign last year: "Facebook has known about what Cambridge Analytica was up to from the very beginning. They were notified, they authorised the applications, they were given the terms and conditions of the app that said explicitly what it was doing. They hired people who worked on building the app. I had legal correspondence with their lawyers where they acknowledged it happened as far back as 2016."
Old code blamed for new breach
As part of a review of its systems, Facebook’s general counsel Colin Stretch revealed today that it had found "shortcomings in our systems that allowed some partners to continue to access data to provide Facebook features on their products". However, Facebook said it found no abuse.
A statement by Ime Archibong, Facebook’s vice-president of product partnerships, explained that the company had recent found that its codebase had enabled Microsoft and Sony to access limited types of friends’ data.
Archibong explained: "This was old code supporting known experiences for people, such as being able to use Facebook on an earlier generation PlayStation (PS3 or Vita) or to sync their friends’ contact information with another service. Based on our previous commitments, we are ending these partners’ access to friend data immediately. This was our mistake, and we are correcting it."
There was no explicit mention of how Microsoft had access to Facebook user data, but Microsoft Xbox users are, like PlayStation, able to link their Xbox Live accounts to Facebook in order to play games against friends.
FTC outlines Cambridge Analytica misdeeds
The FTC also announced it is suing Cambridge Analytica and filed settlements with its former chief executive Alexander Nix and Aleksandr Kogan, the creator of the This Is Your Digital Life app that was used to harvest the data.
Cambridge Analytica filed for bankruptcy last year, while Nix and Kogan have agreed to an administrative order restricting how they conduct business in the future.
The FTC is alleging that Cambridge Analytica, Nix and Kogan deceived Facebook users by falsely claiming they did not collect any personally identifiable information through a personality survey. The app collected information such as the "likes" of public Facebook pages by the app’s users and by the "friends" in their social network.
During the summer of 2014, the FTC alleges, Kogan, together with Cambridge Analytica and Nix, developed, used, and analysed data obtained from the GSRApp. The information was used to train an algorithm that then generated personality scores for the app users and their Facebook friends.
Cambridge Analytica, Kogan, and Nix then matched these personality scores with US voter records. The company used these matched personality scores for its voter profiling and targeted advertising services. Kogan was then able to re-purpose an existing app he had on the Facebook platform, which allowed the app to harvest Facebook data from app users and their Facebook friends.
In April 2014, Facebook announced it would no longer allow app developers to access data from an app user’s Facebook friends. Facebook, however, allowed developers with existing apps on the Facebook platform to access this data for another year, the FTC said. Between 250,000 and 270,000 users are thought to have been affected.
Facebook's second-quarter financial results will be released after market close in the US West Coast later today, when Zuckerberg and chief operating officer Sheryl Sandberg are expected to address questions from investors.
The Department of Justice has also begun an anti-trust investigation into Big Tech.