Facebook Adds Data Abuse Bounty, New Access Rules for Apps
While Mark Zuckerberg took questions from Senators, Facebook continued to implement changes in the wake of the Cambridge Analytica scandal.
To recap, Facebook has even provided a handy timeline of their updates:
The latest update, as noted at the bottom of the above chart, is the addition of a new Data Abuse Bounty program, through which Facebook will offer financial rewards to users who help them identify businesses which are misusing Facebook-originated insights.
Facebook has had a similar program for bugs in place for years, incentivizing users to identify security flaws and issues. The Data Abuse Bounty will work in the same way – if you become aware of any “apps collecting user data and passing it off to malicious parties to be exploited”, you can submit it for Facebook to investigate.
Punishments for such misuses include:
- Termination of the application from our Platform
- Initiation of a forensic audit of related systems
- Legal action against the company and any relevant parties
As noted, the announcement came at the same time as Facebook CEO Mark Zuckerberg faced questions from the US Senate, in which Zuckerberg admitted that they should have taken action on Cambridge Analytica sooner. The Data Abuse Bounty is designed for this purpose, tapping into the broader knowledge base of the Facebook community to help them detect potential issues.
“This program will reward people with first-hand knowledge and proof of cases where a Facebook platform app collects and transfers people’s data to another party to be sold, stolen or used for scams or political influence. Just like the bug bounty program, we will reward based on the impact of each report. While there is no maximum, high impact bug reports have garnered as much as $40,000 for people who bring them to our attention.”
In addition to the Data Abuse Bounty, Facebook’s also announced changes to user access permissions, which will mean that app developers need to re-affirm permissions from users every 90 days if they want to keep using that access.
“All access tokens need to be renewed every 90 days with the consent of the person using your app. This means that every 90 days you must send a person through the Facebook Login process, and the person must agree to specific data permissions by tapping the “continue” button.”
That could prove problematic for some developers, but it will give Facebook another way to ensure data is not being accessed without permission, and that users are aware of which companies and developers are potentially using their information (and what information, specifically, they’re sharing).
Facebook has also rolled out a new tool which informs users if their data was accessed by Cambridge Analytica.
The measure is designed to give users full transparency over if, and how, they could have been impacted by the company’s practices.
These are just the latest measures in Facebook’s broader effort to reassure the public that they are taking the issue seriously, and that using Facebook is safe. Zuck and Co. may have an uphill battle in this regard, but they do appear to be taking every conceivable action in the circumstances - there’s not a lot more Facebook can do in response to the concerns.
Of course, the issues remains that once the data is out there, it’s out there - you can’t take back those insights and ensure that no one else has access. As we’ve noted previously, there are also the wider concerns about big data collection and misuse from companies outside of Facebook, and as demonstrated in Zuckerberg’s testimony, there’s still a lot of misunderstanding from political officials and lawmakers as to how such processes operate.
Facebook’s doing all it can, but given the current state of play, it’s hard to believe there won’t be more Cambridge Analytica-type controversies in future.
Will that make users more wary of social in general? Will it make them less likely to click on social ads?
The data’s not in yet, but you can expect this to be the start of a new shift.
Follow Andrew Hutchinson on Twitter