Facebook founder Mark Zuckerberg is admitting his platform failed to protect the data of its users and is planning to audit all apps that "had access to large amounts of information" before 2014.
His comments come while the social media platform is under a siege of criticism over a data information scandal involving the technology firm, Cambridge Analytica, that was recruited to work on the Donald Trump campaign and had also hoped to work on the Brexit campaign in the United Kingdom. The scandal has resulted in Facebook's stock plummeting, losing eight per cent of its value or $35 billion since the beginning of the week.
"I've been working to understand exactly what happened and how to make sure this doesn't happen again," he said in a message posted on his Facebook page, his first major public comment since the scandal was reported over the weekend by the Guardian in the UK and the New York Times. "The good news is that the most important actions to prevent this from happening again today we have already taken years ago. But we also made mistakes, there's more to do, and we need to step up and do it."
The company had previously denied that there was any breach of Facebook data, but Zuckerberg was singing a different tune in his statement on Wednesday as he outlined what was uncovered in the media reports about a Cambridge University researcher, Aleksandr Kogan, who gathered the Facebook user data through a personality quiz app. The tactics were uncovered by media outlets after a Canadian whistleblower who worked on the strategy, Christopher Wylie, came forward to reveal what they had done.
"This was a breach of trust between Kogan, Cambridge Analytica and Facebook," Zuckerberg said in his statement. "But it was also a breach of trust between Facebook and the people who share their data with us and expect us to protect it. We need to fix that."
Zuckerberg said Facebook had implemented restrictions in 2014 when it started cracking down on developers using apps, but he also confirmed new measures, including the audit, that would extend to any app with suspicious activity.
"We will ban any developer from our platform that does not agree to a thorough audit," he said. "And if we find developers that misused personally identifiable information, we will ban them and tell everyone affected by those apps. That includes people whose data Kogan misused here as well."
He also said that Facebook would restrict developers' access "even further" to prevent other types of abuse. This could include removing access to data from any app that has not been used by someone for three months.
"But it was also a breach of trust between Facebook and the people who share their data with us and expect us to protect it," Mark Zuckerberg said in a message posted on his Facebook page. "We need to fix that." #CambridgeAnalytica
"We will reduce the data you give an app when you sign in -- to only your name, profile photo, and email address," Zuckerberg continued in the message. "We'll require developers to not only get approval but also sign a contract in order to ask anyone for access to their posts or other private data. And we'll have more changes to share in the next few days."
He also said that Facebook would introduce a new tool at the top of a user's news feed to list all of the apps a person has used, giving a new and simpler option to remove permissions or access to data.
"I started Facebook, and at the end of the day I'm responsible for what happens on our platform," Zuckerberg said. "I'm serious about doing what it takes to protect our community. While this specific issue involving Cambridge Analytica should no longer happen with new apps today, that doesn't change what happened in the past. We will learn from this experience to secure our platform further and make our community safer for everyone going forward."
"I want to thank all of you who continue to believe in our mission and work to build this community together. I know it takes longer to fix all these issues than we'd like, but I promise you we'll work through this and build a better service over the long term."
Editor's note: This article was updated at 5:45 p.m. ET on March 21 to clarify that Cambridge Analytica says it didn't work on the Brexit campaign.