Next steps for advertisers after the Cambridge Analytica Facebook breach

by Traci Hendrix, 26 Mar 2018

You may or may not have heard of the recent breach within Facebook. While the platform has always promised user data security, threats never fail to find a loophole. We’ve worked with Facebook to pull the most recent information in the event that a client is impacted. Facebook analysts will be alerting people if they are affected, and they will keep us in the loop as things progress and new protection measures are put in place. At the moment, there is no immediate action to take.

Looking ahead, Facebook makes some encouraging promises to better protect user information, inspired by the new GDPR (General Data Protection Regulation) being enforced in Europe. Below you will find the note directly from our Facebook reps. Two of the six promises Facebook makes go toward helping users manage their own data security. The other four are upcoming changes to Facebook.


From Facebook:

Protecting people's information is the most important thing we do at Facebook. We have a responsibility to everyone who uses Facebook to make sure his or her privacy is protected.

What happened with Cambridge Analytica was a breach of the trust people place in Facebook to protect their data when they share it. We need to fix that. As Mark Zuckerberg explained in his post, we are announcing some important changes to take action on potential past abuse and to help prevent future abuse of our platform.

In 2007, we launched the Facebook Platform with the vision that more apps should be social. With this in mind, we allowed people to log into apps and share who their friends were and some information about them. Over the years, we've introduced more guardrails, so that the level of information obtained by Kogan's app is no longer possible. Even before learning about Kogan's activities, we updated our platform three years ago to limit the data people can share about their friends with developers. In addition, in 2014, we began reviewing apps that request certain data before they could launch, and introducing more granular controls for people to decide what information to share with apps.


But we know we need to do more, and we are making further changes to our product, policies and processes. We're going to set a higher standard for how developers build on Facebook, and what people should expect from them and, most importantly, from us. 


We will:

  1. Review our platform. We will investigate all apps that had access to large amounts of information before we changed our platform in 2014 to reduce data access, and we will conduct a full audit of any app with suspicious activity. If we find developers that misused personally identifiable information, we will ban them from our platform.
  2. Tell people about data misuse. We will tell people affected by apps that have misused their data. This includes building a way for people to know if their data might have been accessed by Kogan's app “thisisyourdigitallife.” Moving forward, if we remove an app for misusing data, we will tell everyone who used it.
  3. Turn off access for unused apps. If someone hasn't used an app within the last three months, we will turn off the app's access to their information.
  4. Restrict Facebook Login data. We are changing Login, so that in the next version, we will reduce the data that an app can request without going through login review to include only name, profile photo, and email address. Requesting any other data will require our approval.
  5. Encourage people to manage the apps they use. We already show people what apps their accounts are connected to, and what data they've permitted those apps to use. Going forward, we're going to encourage people to check their settings, and work to make these choices more prominent and easier to manage.
  6. Reward people who find vulnerabilities. We will expand Facebook's bug bounty program so that people can also report to us if they find misuses of data by app developers.


There's more work to do, and we'll be sharing details in the coming weeks about additional steps we're taking to put people more in control of their data. Some of these updates were already in the works, and some are related to new data protection laws coming into effect in the EU. This week’s events have accelerated our efforts.


Developers will have time to account for these changes, so there is no immediate action required at this time. These changes will be the first of many we plan to roll out to protect people's information and make our platform safer.


You can learn more on our Newsroom blog.


Future DRUM Updates on Facebook and Other Marketing Concerns

Our social media marketing and business intelligence departments will continue to monitor how breaches, user privacy concerns, ad-blocking and other issues impact advertisers. Here are a few more things to consider about your advertising and marketing platforms:


To be notified when these articles come out, sign up for our newsletter and check the box labeled "Notify me of new blog posts."