Back in 2018, in the midst of the furor surrounding how Cambridge Analytica had allegedly utilized Facebook data to manipulate voter actions in various elections, many of the key questions related to Facebook's lax protection measures, which had enabled organizations like CA to access the platform's vast data banks in the first place.
Facebook responded to this, instituting a new app review system and new limits on data access via its APIs. And now, Facebook has announced the next stage in this process, with a new, annual 'Data Use Checkup' which all apps that use Facebook's APIs will be subjected to going forward.
As per Facebook:
"Today, we are announcing early testing of Data Use Checkup, a new annual process for developers to ensure API access and data use comply with the Facebook Platform Policy. Developers enrolled in testing should complete this request for each of their apps within 60 days, or risk losing their API access."
Right now, testing is limited, and Facebook is also working to avoid putting undue stress on organizations that are also dealing with the impacts of the COVID-19 shutdowns around the world. But eventually, all apps will need to submit to checking once per year, to ensure that they're not misusing Facebook's data for purposes outside of the scope of their agreements.
The process is a beefed-up version of Facebook's existing App Review system - under App Review, developers need to justify their usage of Facebook's API tools in accordance with platform policies, and submit such for review by Facebook. Data Use Checkup is a self-service tool, which all developers will soon be required to undertake in order to continue using Facebook's data.
As noted, it's another check to avoid another Cambridge Analytica-type situation, where organizations are using Facebook data without permission, and for purposes outside the regulations, as per Facebook's terms. Definitely, Facebook has strengthened its systems in this respect. It remains to be seen whether all of this type of misuse has been eliminated by these enhanced actions - but as with CA, a big part of the problem is that once that data is out, it can be used in various ways, and it's impossible to ever get it back.
Basically, even with these measures in place, Facebook's data set that CA was using is still in circulation, and is still relevant for most purposes. That will always be the risk of such data - once it gets leaked, it's too late, there's no amount of measures you can put in place to drag it all back and stop misuse.
That's also the critical flaw with each of these updates - while they do add to Facebook's security, we won't know that they've been totally effective until it's too late.
Still, it puts another check in place to monitor use of Facebook's API, and another layer to its security process.