This morning, Facebook responded to the ongoing Cambridge Analytica scandal by announcing a series of changes to its privacy settings—essentially making it easier for users to find them, control what they share, and download and delete their data. The company—which came under fire for not doing more sooner to protect the data and for its initial response to the revelations—also committed to changing its terms of service in a way that adds more transparency to its data policy, without giving itself new rights to user’s data.
“The last week showed how much more work we need to do to enforce our policies, and to help people understand how Facebook works and the choices they have over their data,” Erin Egan, vice president and chief privacy officer for policy, and Ashlie Beringer, vice president and deputy general counsel, wrote in a blog post. “We’ve heard loud and clear that privacy settings and other important tools are hard to find, and that we must do more to keep people informed.”
Facebook last implemented changes to its privacy controls and settings in January, when it published for the first time its privacy principles, and shortly afterward launched what it calls Privacy Center, a one-stop shop for controlling privacy settings.
The previous changes were made in advance of Europe’s General Data Protection Regulation, which begins May 28, and requires tech companies operating in the EU to get “unambiguous” consent from users before collecting their data, give those users easy methods for opting out of consent, and give them the right to deny companies using their data for targeting marketing. GDPR also grants users the right to get their data from companies like Facebook. Violations of the new system come with hefty fines, up to 4% of annual turnover.
But clearly those changes were not nearly enough to calm the post-CA churning waters.
It’s been a very tough 11 days for Facebook since the scandal broke. In the wake of news that at least 50 million users’ data made their way to Cambridge Analytica, which in turn leveraged the information to help Donald Trump win the 2016 presidential election, Facebook’s stock has been hammered. As of this writing, it’s down 17.7%, shredding tens of billions in market cap and losing more than double what it had gained during the year so far.
In the meantime, regulators and lawmakers are swirling, lawsuits have been filed, and a burgeoning #DeleteFacebook campaign has taken hold. And everyone noticed that it took days before executives like CEO Mark Zuckerberg or COO Sheryl Sandberg publicly addressed the controversy. All of this has clearly led to frustration in Menlo Park, home to the company’s headquarters. If you looked closely during his CNN interview last week, Zuckerberg looked very tired.
To start with, Facebook has rebuilt the entire settings menu in its mobile apps “from top to bottom.” Rather than spreading settings across a multitude of screens, they’re now located in a single place.
Responding to a flood of feedback that information about privacy, security, and ads should be easier to find, Facebook has designed a new privacy shortcuts menu where users can take more control over their data with a few taps on the screen. It’s also meant to provide easier-to-find, clearer instructions on how Facebook’s controls work.
Via that menu, users will be able to make their account more secure, adding new layers of protection such as two-factor authentication; control their personal information by reviewing what they’ve shared or reacted to, the friend requests they’ve made, and things they’ve searched for within Facebook; and manage who can view their posts and profile information.
Lastly, Facebook is now providing new tools for finding, downloading, and deleting data users have posted. It’s calling the tools Access Your Information, and bills it as “a secure way for people to access and manage their information, such as posts, reactions, and comments, and things you’ve searched for.”
At the same time, Facebook says it’s making it easier for users to download their photos, contacts, posts, and more. “It’s your data, after all,” says Facebook, acknowledging that users should be able to migrate what they’ve created to any service they choose.
The Cambridge Analytica-sponsored data harvest took advantage of a previous feature in Facebook’s API that allowed developers to gather the data of not only an app’s users but their friends too, provided certain settings were enabled. Facebook changed its API in 2014, so that after May 2015, this was no longer possible.
Still, as of this week, as Wired noticed, settings related to that feature were still visible within Facebook’s privacy settings. “[T]he fact that Facebook never bothered to update that critical corner of its privacy settings, years after those changes went into effect, is downright baffling—and speaks to a general a lack of seriousness in the company’s attitude toward data transparency,” the website’s Brian Barrett wrote.
“It’s our responsibility to tell you how we collect and use your data in language that’s detailed, but also easy to understand,” the company’s statement today reads. “In the coming weeks, we’ll be proposing updates to Facebook’s terms of service that include our commitments to people. We’ll also update our data policy to better spell out what data we collect and how we use it.”
Facebook knows that the world is now watching closely how it responds to the Cambridge Analytica scandal, and that its every move will shift its stock price up or down, not to mention restore or further erode users’ faith.