Mark Zuckerberg has finally spoken.
After days of being seemingly MIA in the wake of the Cambridge Analytica controversy, Facebook’s CEO finally weighed in on the matter. He may not have apologized, but he announced significant policy changes that will substantially change what developers can do with personal data.
Facebook says it will restrict the data developers can access if the app hasn’t been vetted. Even if an app has been vetted, it will no longer be able to access users’ data if they haven’t used the app for three months.
And, for the the first time, the company will actually investigate apps that have abused its policies and take steps to notify users.
While many people are rightly questioning whether these changes are too little too late, it’d be wrong to write them off entirely.
First, it’s important to note that nothing can undo the enormous amount of damage that’s already been done. It’s now more clear than ever that Facebook royally fucked up with regard to its platform policies.
The inherent vulnerabilities in Facebook’s platform guidelines meant that one company could access millions and millions of people’s data with alarming ease. That Cambridge Analytica nabbed data on 50 million people says less about their savvy and more about Facebook’s shocking disregard for users’ privacy.
Nothing can undo the damage that’s already been done
This isn’t limited to Cambridge Analytica, by the way. It may be getting the bulk of the attention at the moment, but its tactics were commonplace for years and Facebook did next to nothing to curb bad behavior. A company called Profile Engine was able to glean details of 420 million Facebook users in 2011, according to The Wall Street Journal. Think about that — one company could get info on nearly half a billion people.
No matter how drastically Facebook changes its policies now, it simply can’t change what’s already out there. Sure, it can ban developers who have engaged in suspicious behavior in the past, but what if they’ve already sold it to a third party? What if the company isn’t even around anymore? What happened to the troves and troves of data they gathered after they shut down their quiz app, Farmville knockoff or whatever is anyone’s guess, but you can bet it’s still out there somewhere.
Where Facebook actually can make a difference is by making people aware of just how bad this privacy nightmare is, which is what Zuckerberg said the company plans to do. Facebook says it will conduct an audit and notify users whose data has been misused, including by Cambridge Analytica.
Again, this won’t “fix” anything, but it will go a long way toward raising awareness. For too long, we’ve been content to hit “login with Facebook” without considering the consequences. If Facebook can play a proactive role in that education, it could improve our digital health in the long term, even if it can’t undo the abuses of the past.
What’s more, we shouldn’t understate the significance of Facebook’s proposed stricter developer guidelines. Facebook’s entire business model depends on its ability to use our data to sell us ads. The more data it can offer advertisers (and developers, for that matter) the more it profits. Locking down that data collection could significantly impact its bottom line.
Other changes are more philosophical, like offering a bug bounty for apps that misuse data, and restricting Facebook Login data. Where the social network was once content to let anyone build anything, they’re now taking a more active role in policing developers.
To be clear, these are seemingly obvious safeguards Facebook should have had in place all along. (It was only four years ago that the social network pledged to put “people first,” a claim that now seems disingenuous at best.) And we shouldn’t blindly trust that Facebook will enforce these new polices any better than it did with its old ones.
But, if the company can follow through on its promises of greater transparency and more stringent controls for third parties (and let’s not underestimate how motivating a factor the looming threat of government regulation can be), then Facebook will have at least plugged the most glaring holes in its platform.
That may not be enough to earn back whatever credibility the company had, but it’s a good place to start.