"We have a responsibility to protect your data, and if we can't, then we don't deserve to serve you. I've been working to understand exactly what happened and how to make sure this doesn't happen again. The good news is that the most important actions to prevent this from happening again today we have already taken years ago. But we also made mistakes, there's more to do, and we need to step up and do it," Zuckerberg wrote in a post shared to Facebook on Wednesday.
The question of user date being questionably accessed, Zuckerberg details, goes back to 2007 when Facebook "launched the Facebook Platform with the vision that more apps should be social. Your calendar should be able to show your friends' birthdays, your maps should show where your friends live, and your address book should show their pictures. To do this, we enabled people to log into apps and share who their friends were and some information about them."
Several years later, in 2013 to be exact, "a Cambridge University researcher named Aleksandr Kogan created a personality quiz app. It was installed by around 300,000 people who shared their data as well as some of their friends' data." Zuckerberg explained that "given the way our platform worked at the time this meant Kogan was able to access tens of millions of their friends' data."
The very next year, Zuckerberg says, "to prevent abusive apps, we announced that we were changing the entire platform to dramatically limit the data apps could access. Most importantly, apps like Kogan's could no longer ask for data about a person's friends unless their friends had also authorized the app. We also required developers to get approval from us before they could request any sensitive data from people. These actions would prevent any app like Kogan's from being able to access so much data today."
"In 2015, we learned from journalists at The Guardian that Kogan had shared data from his app with Cambridge Analytica," Zuckerberg adds. "It is against our policies for developers to share data without people's consent, so we immediately banned Kogan's app from our platform, and demanded that Kogan and Cambridge Analytica formally certify that they had deleted all improperly acquired data. They provided these certifications."
This bring us to last the first week of March 2019, when Zuckerberg says Facebook "learned from The Guardian, The New York Times and Channel 4 that Cambridge Analytica may not have deleted the data as they had certified. We immediately banned them from using any of our services. Cambridge Analytica claims they have already deleted the data and has agreed to a forensic audit by a firm we hired to confirm this. We're also working with regulators as they investigate what happened."
He then acknowledges that while "this was a breach of trust between Kogan, Cambridge Analytica and Facebook...it was also a breach of trust between Facebook and the people who share their data with us and expect us to protect it. We need to fix that."
Zuckerberg explains that Facebook is already working on ways to prevent user data from being accessed through questionable methods in the future, which includes investigating "all apps that had access to large amounts of information before we changed our platform to dramatically reduce data access in 2014," restricting "developers' data access even further to prevent other kinds of abuse," and showing "everyone a tool at the top of your News Feed with the apps you've used and an easy way to revoke those apps' permissions to your data."