Note: This is something I originally published on the New Gatekeepers blog at the Columbia Journalism Review, where I’m the chief digital writer
The Facebook apology tour continues: The company announced on Monday that it had found at least 200 other apps that had access to user data in the same way that the app behind the infamous Cambridge Analytica leak did. A VP at the social network said in a blog post that Facebook is currently trying to determine whether that data was misused, and whether the companies in question deleted it as they were supposed to when Facebook changed the rules around data access by apps in 2014.
If you’re wondering why it took the company four years to run this kind of audit, especially after multiple reports from individuals involved (like the whistleblower who revealed the Cambridge Analytica fiasco), you’re not the only one. Facebook CEO Mark Zuckerberg has said that he’s sorry it wasn’t done sooner, but hasn’t explained why the company didn’t do such an audit earlier.
It’s also not clear whether 200 is the final number of apps that have been suspended as part of this investigation, or whether there are more to come, and the company so far hasn’t identified any of the apps. According to the blog post:
To date thousands of apps have been investigated and around 200 have been suspended — pending a thorough investigation into whether they did in fact misuse any data. Where we find evidence that these or other apps did misuse data, we will ban them and notify people via this website. It will show people if they or their friends installed an app that misused data before 2015
In the Cambridge Analytica case, a seemingly harmless personality quiz designed by researcher Aleksandr Kogan got personal information on more than 85 million users without notifying them, because of the way Facebook was configured at the time—it not only allowed apps access to a user’s data, but also the personal data of all that user’s friends. In 2014, the company changed the rules for such apps so that they can no longer get friend data, and it asked app developers to delete the data they had.
Cambridge Analytica, however, apparently didn’t delete the data that it got from Kogan, and instead used that information to create psychographic profiles of Facebook users based on their likes and other behavior, and then used those profiles to target advertising and other content to Facebook users on behalf of clients like the Trump presidential election campaign. The company has since gone bankrupt, but the key players behind it have reportedly created a similar company called Emerdata.