05/04/2018 13:19 BST

Mark Zuckerberg Promised Privacy Reform. But Here's What Facebook Has Actually Delivered

Has the site lived up to its word?

When Facebook’s Cambridge Analytica scandal broke, the company’s CEO Mark Zuckerberg posted a long statement on the social network explaining what went wrong – and promised he would take steps to help protect user data.

The scandal saw up to 87 million people’s data being inappropriately used by the firm Cambridge Analytica. The company gained access to this data through a Facebook quiz which, back in 2013, was allowed to collect data on not just the people taking part in the quiz but their friends too. Facebook closed this loophole in 2014 and ordered CA delete the data. Then in March 2018 the Observer revealed that it believed Cambridge Analytica had not deleted the data as instructed.

After weeks of questions and concern – including summons from the UK and US government – Facebook finally published a blog post last night highlighting the changes they will be bringing in.

From restricting the access developers have to user data, to fundamentally removing entire features from Facebook’s data-collecting policy – we cut through the noise and break down exactly what Facebook promised to do, and what they are actually delivering.


Zuckerberg: “we will restrict developers’ data access even further to prevent other kinds of abuse. For example, we will remove developers’ access to your data if you haven’t used their app in 3 months.” 

In his statement after the scandal Zuckerberg said the site would remove developers’ access to your data if you haven’t used their app in 3 months.

Facebook has now confirmed that it would, beginning on the 9th April, start removing a developers’ ability to request data about you if you haven’t used their app within that time frame.


Zuckerberg: “We will reduce the data you give an app when you sign in ― to only your name, profile photo, and email address.”

This will be implemented, according to Facebook’s blog post on Wednesday, however the changes have only started coming into effect from 4th April.


Zuckerberg: “We’ll require developers to not only get approval but also sign a contract in order to ask anyone for access to their posts or other private data.”

Facebook has actually gone slightly above and beyond this promise. In its latest update the platform confirmed that it will require your explicit approval to access anything more than your name, profile photo or email.

It also confirmed that even if you give approval, no app will be allowed to ask for the following: religious or political views, relationship status and details, custom friends lists, education and work history, fitness activity, book reading activity, music listening activity, news reading, video watch activity, and games activity.

This is perhaps the most significant change as it now safeguards against any company’s ability to use this information to then target either adverts or politically-motivated messages to you, as was suggest in the Cambridge Analytica scandal.


Zuckerberg: “In the next month, we will show everyone a tool at the top of your News Feed with the apps you’ve used and an easy way to revoke those apps’ permissions to your data.”

Facebook has actually already rolled out a new feature that allows you to bulk delete any apps that you may have added when you were younger, or that you feel uncomfortable about. Unfortunately, it’s not easy to find and is still buried under many of different settings pages.

But now Facebook says that starting on 9th April, everyone will see a special message appear at the top of their News Feed that will either give them a link to go straight to their messages OR will inform them if they are one of the 87 million people that may have had their data collected by Cambridge Analytica.


And here’s everything else Facebook says it’s doing:

In addition to the changes Mark Zuckerberg explicitly mentioned, the company has also announced some other changes to how it handles your private data across Facebook, Instagram and Messenger.

  • Call and text history: If you used Messenger or Facebook Lite on Android you had the option of handing over your call and text history. This was used to list the people you talk to the most at the top of the app. It never looked at the contents of messages and in future Facebook will only collect enough call information to provide this feature it won’t collect the time or duration of the calls.

  • Events: Say you’ve agreed to attend a friend’s event on Facebook. In the past if you wanted to add that to a calendar app on your phone that app could not only see who else was attending to that event but the posts on the event page. Apps will no longer be able to access the guest lists of events or the posts on that page.

  • Groups: If you’re the admin of a group on Facebook you might be using an app to help you post within the group. In the past apps have only needed the permission of anyone within a closed group to access the data within it and if it’s a secret group it only needed permission form an admin. In future any app that wants to access a group of any kind will need permission from Facebook and an admin. They will also no longer have access to the member list, names and profile photos.

  • Instagram: Third-party apps will no longer have access to your follower/following lists, likes, relationships and public comments. It will also no longer be able to get notified when you post something new on Instagram.

  • Partner Categories: This was a tool that allowed advertisers to combine Facebook’s data with the data of another company (such as Experian in the UK) and then target ads to you using all that information. This is now being shut down globally, although it’s important to note that the EU’s new GDPR legislation was already forcing Facebook to stop this activity across Europe.