After days of silence on the Cambridge Analytica scandal that has rocked his company, Facebook CEO Mark Zuckerberg weighed in March 21—with a lengthy Facebook post. He did not explicitly apologize for jeopardizing the data of 50 million Facebook users, instead saying that the company has long since taken the most important steps necessary to prevent another such debacle.
We have a responsibility to protect your data, and if we can’t then we don’t deserve to serve you. I’ve been working to understand exactly what happened and how to make sure this doesn’t happen again. The good news is that the most important actions to prevent this from happening again today we have already taken years ago.
Zuckerberg also said that “at the end of the day I’m responsible for what happens on our platform,” and that there was “a breach of trust between Facebook and the people who share their data with us and expect us to protect it.” (Eleven years ago, when a similar issue took place at his company, Zuckerberg did explicitly say sorry.)
Zuckerberg has been asked by lawmakers in several countries to personally address the issue. He will also appear on CNN later today to further discuss his comments.
Facebook chief operating officer Sheryl Sandberg, who had also been absent since the news broke on March 16, shared Zuckerberg’s post on her own page, adding that she “deeply regrets” that the company did not do enough to deal with the violation of trust.
Although Zuckerberg said Facebook has already taken the necessary steps to prevent similar incidents from happening again, he also outlined some solutions the company will implement in the future. “But we also made mistakes, there’s more to do, and we need to step up and do it,” he wrote.
Among those measures, Facebook will investigate apps that had access to users’ information in the same way Cambridge Analytica did, before Facebook changed its data policies in 2014. If the audit finds that developers misused people’s data, they will be banned, and everyone affected by the apps will be notified.
Facebook will also restrict developers’ access to data—for example, they will lose access to a user’s data if that person hasn’t used their app in 3 months. “We’ll require developers to not only get approval but also sign a contract in order to ask anyone for access to their posts or other private data.” Zuckerberg also wrote that Facebook first learned that Cambridge Analytica “may not have deleted the data as they had certified” from The Guardian, The New York Times, and the UK’s Channel 4.
Facebook will also make it far easier to revoke other apps’ permissions to your data. Currently, this is buried deep in a settings page, but will soon sit at the top of users’ News Feeds. The company said in a statement that some of these updates had already been in the works because of the new General Data Protection Regulation (GDPR) going into effect in the European Union in May, which will change the way European companies have to represent the data of their customers.
Here’s Zuckerberg’s full note: