By Ime Archibong, VP of Product Partnerships

Today, we announced our agreement with the US Federal Trade Commission. As part of that agreement, we will be operating under a comprehensive new framework for protecting people’s privacy and the information they give us. The order requires a fundamental shift in the way we work. As a first step under this new framework, we are announcing action that impacts dozens of partners who had access to data to build Facebook experiences or features for their devices that should have been wound down. These features allowed people to connect with their Facebook friends while using other apps or sync their Facebook friends’ contact information in their phone’s address book and calendar.

Here’s the Background

For more than a decade, Facebook has operated under the philosophy that people can have better experiences when their Facebook data is available to them as they use other services. This led us to create partnerships and integrations with companies like Blackberry and Yahoo. We were very open about this. These experiences were widely reported by media, marketed by companies, and used by millions of people.

Since April 2018, we’ve been reviewing the ways in which we enabled people to share data with outside companies. We have proactively undertaken this review in response to the investigation by the FTC and our desire to strengthen privacy protections. This review has been a manual process that involves the examination of millions of lines of code. We’ve explained that this review would likely unearth issues, and we’ve committed to being transparent when we find them.

As part of this effort, we announced in late 2018 the wind down and discontinuation of many of the integrations we built with partners. Recently, a third party alerted us to a bug, which led us to investigate and find that, unfortunately, our codebase had enabled continued data access for some of these partners. Although we have not found evidence that any data was used in violation of our policies, we are restricting their access today.

Of the dozen partners that we identified as continuing to access data, only two, Microsoft and Sony, continued to access limited types of friends data. This was old code supporting known experiences for people, such as being able to use Facebook on PlayStation or to sync their friends’ contact information with another service. (Updated on July 24, 2019 at 9:50AM PT to correct the Playstation example.)  Based on our previous commitments, we are ending these partners’ access to friend data immediately. This was our mistake, and we are correcting it.

Here’s What We’re Doing

As previously announced, we are running a review of apps on our platform and removing significant portions of our existing platform API. In conjunction with this ongoing work, we will continue to take further steps to secure and increase the integrity of the Platform overall, for example:

  • We introduced a new suite of controls for people to manage the apps they use with Facebook.
  • We are rewarding people who alert us to data misuse by app developers on our Platform.
  • We implemented a new review process for every new API or expansion of existing APIs across the company.

This review and the new systems that we build are subject to more rigorous oversight and legal compliance process.

Here’s What to Expect Going Forward

Under the new framework required by the FTC, we’ll be accountable and transparent about fixing old products that don’t work the way they should and building new products to a higher standard. This means we will inevitably find more examples of where our products can be improved — where data access can be restricted — and we’ll work swiftly to address issues when they surface.