Back in May, an investigation carried out by New Scientist revealed that a personality quiz app named myPersonality obtained personal information of over 6 million Facebook users since 2011.
“The data was highly sensitive, revealing personal details of Facebook users, such as the results of psychological tests. It was meant to be stored and shared anonymously, however such poor precautions were taken that deanonymising would not be hard,” the firm noted.
Data obtained via the myPersonality app were stored and controlled by David Stillwell and Michal Kosinski, two academics at the University of Cambridge, and contained personal details of 6 million Facebook users, half of whom had agreed to share data from their Facebook profiles with the project. The academics then created a database, removed the names of users who took personality tests on the app, and shared the data with hundreds of researchers for academic purposes.
The purpose of removing names of Facebook users from the database was to ensure that the information could not be traced back to the individual user. However, the way the data was shared and the way access to it was controlled meant that anyone could gain access to it by conducting a simple search on the web.
According to New Scientist, more than 280 people from nearly 150 institutions, including researchers at universities and at companies like Facebook, Google, Microsoft and Yahoo, registered as collaborators in the project to access the database. Even Alexander Kogan, the developer behind the much-maligned thisisyourdigitallife app, was registered as a collaborator until the summer of 2014.
Following New Scientist’s revelation, Facebook suspended the myPersonality app and promised that if the app owners refused to cooperate or failed an audit, the app would be banned from its platform.
myPersonality refused Facebook’s request to audit
On Wednesday, Facebook announced that it had finally banned myPersonality because the app owners refused to cooperate with its request to audit and because Facebook was convinced that the app shared personal data of users with researchers as well as companies with only limited protections in place.
“We will notify the roughly 4 million people who chose to share their Facebook information with myPersonality that it may have been misused. Given we currently have no evidence that myPersonality accessed any friends’ information, we will not be notifying these people’s Facebook friends. Should that change, we will notify them,” the social media giant added in a blog post.
“We have suspended more than 400 due to concerns around the developers who built them or how the information people chose to share with the app may have been used — which we are now investigating in much greater depth,” it added.
Facebook hits the ground running
Following the Cambridge Analytica scandal, in which an app named thisisyourdigitallife was used to collect Facebook data of up to 87 million people and that data was then shared by data analytics firm Cambridge Analytica with political parties, Facebook promised to implement a slew of measures to better protect the privacy of millions of its users and to assure users that it did care about their right to privacy.
Facebook CEO Mark Zuckerberg announced in a blog post that not only did Facebook ban both Kogan (the creator of the thisisyourdigitallife app) and Cambridge Analytica from using its services, it also took steps in 2014 to dramatically limit the data apps could access, and this move stopped apps from collecting data belonging to a person’s friends unless those friends had also authorized the app.
Zuckerberg also said that Facebook will restrict developers’ data access even further to prevent other kinds of abuse. These steps will include removing developers’ access to a user’s data if the user hasn’t used an app in three months, restricting the data that a user has to provide to an app during the sign-up process to only name, email address, and a profile photo, and requiring developers to not only get approval but also sign a contract in order to ask anyone for access to their posts or other private data.