App Developers Can Still Access Friend Data, Facebook Staffer Says
Application developers interacting with Facebook still have access to friend data if the linked friends have downloaded the same app, Facebook Privacy and Public Policy Director Steve Satterfield said Wednesday. Developer access to friend data is considered one of the major issues that enabled the Cambridge Analytica privacy breach (see 1804100054 and 1804110065). Friend access allegedly allowed Cambridge University researcher Aleksandr Kogan to take user data from 300,000 people and access information from as many as 87 million users.
Sign up for a free preview to unlock the rest of this article
Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.
“We haven’t restricted developer access to friend data completely, and developers can still get access to friend data if that friend is also using the app,” Satterfield said at a New America Open Technology Institute event in Washington. “We can help the developer understand the connection by turning over a list of people who are also using this app, so that’s where we’ve drawn the line.” Facebook heard “very loud and clear” privacy concerns surrounding users’ ability to transport friend data, he continued, and the platform is “absolutely open” to other ideas about where to draw the line.
Former FTC Commissioner Terrell McSweeny said consumers have registered surprise about lack of control over their data, and platforms need to put users in the driver’s seat in a more meaningful way. Opt-in consent, with clear guidelines for data access, would be an interesting place to start, she said.
Satterfield suggested platforms, advertisers and developers convene to establish an industrywide code of conduct. The advertising industry had success establishing industry standards with various stakeholders, he said. Sen. Thom Tillis, R-N.C., previously harped on the need for an online platform business code of conduct (see 1805140066).
Rep. David Cicilline, D-R.I., said Facebook providing American and Chinese device makers access to personal data without consent (see 1806050044) raises concerns about the legitimacy of CEO Mark Zuckerberg telling Congress users have complete control of their data. Allowing Facebook users greater data portability, and the option to move all their information to a competing platform, would increase competition, he said before the event. He supported comprehensive privacy changes. Cicilline cited comments from Sen. Richard Blumenthal’s, D-Conn., that antitrust action against Microsoft in the late 1990s was not a popular decision. But such decisions, Cicilline said, are the price of openness and progress.
Tock Chief Technology Officer Brian Fitzpatrick, former head of Google’s Data Liberation Front engineering team, said at the event that user control over data is the foundation for online platforms. McSweeny said the FTC could have a role in developing the road rules for data access, adding the EU’s general data protection regulation provides useful examples.
Satterfield said the aftermath of Cambridge Analytica has focused on restricting developer access to data, but that provides an incomplete picture. While the platform has taken steps to limit that access, Facebook has an app review process in which it weighs the social benefit of the application against the developers’ requests to access user data. Fitzpatrick said the key is to not lock users into using any particular platform.