Facebook Is Changing the Way it Handles Your Data—Here’s How

Facebook released a lengthy update today explaining the ways it plans to change its data practices, in the wake of the Cambridge Analytica scandal, where it believes at least 87 million users’ data was improperly shared with the analytics firm that consulted on the Trump election campaign.

The company’s chief technology officer, Mike Schroepfer, detailed the changes to the various APIs it offers to other companies, in an effort to curtail breaches of trust like this happening again in the future. It’s the largest set of changes to Facebook’s terms of service in years. Here’s what’s changing:

Facebook logins: Facebook is restricting what information apps that use Facebook as a way of logging in can access, including check-ins, likes, photos, posts, videos, events you’re attending, and groups you belong to. Facebook will now make those apps “agree to strict requirements” before they can access that data in the future. Apps no longer have access to other information from your page, like religious or political views, relationship status, education and work history, fitness information, videos you’ve watched or stories you’ve read.

What this means: Apps might break, for now. For example, The Verge reported today that users were struggling to access Tinder, which many joined using their Facebook login information, because of the changes to Facebook’s APIs.

These API restrictions are significant. This feels like the end of the Facebook platform as we know it. https://t.co/AwoBP0Lfac

— Casey Newton (@CaseyNewton) April 4, 2018

Search data: Schroepfer said in his post that “most people on Facebook” could have had any public information on their profile harvested by data companies. Previously, you could search for someone’s profile by typing in their phone number (if it was public), but Facebook has turned this feature off out of fears that companies, or “malicious actors” as Schroepfer calls them, could essentially have turned Facebook into a white pages directory.

What this means: If you want something to be private on Facebook, make sure you’ve set it that way. Or maybe consider whether you need to share every piece of information with Facebook, because effectively anything that’s public on Facebook could now be anywhere.

Call history: Facebook was logging calls and text history of Android users who opted in to use Facebook Messenger or Facebook Lite on their phones. This may have not been clear to many users. Facebook is now going to start deleting logs more than a year old.

What this means: If you have an Android, check to make sure Facebook apps don’t have permission to log your calls if you don’t want them to.

Prior breaches: On Monday, April 9, Facebook will put a banner at the top of your News Feed if it believes you were one of the 87 million people whose data was accessed by Cambridge Analytica.

What this means: People will also be able to bulk-delete any apps they don’t want to gather future data on them, instead of having to go through and delete them one-by-one as we suggested recently. But some of those companies, like Cambridge Analytica, may still have your data, for all that Facebook knows, and there’s really no way to stop it being used to target you with ads. Apart from deleting Facebook, obviously.

Facebook pages: Apps used to manage Facebook pages could read posts and comments posted to the page, but also could “access more data than necessary,” according to Schroepfer. It wasn’t clear what that data was, but it will no longer be accessible to such apps.

What this means: Management apps may struggle to connect to Facebook, in much the same way that apps that use Facebook information for logins would. It’s unclear what changes Facebook will be making. “All future access to the Pages API will need to be approved by Facebook,” Schroepfer added.

Events: Apps connected to Facebook in the past could see who was attending events you hosted or went to, regardless of whether they were private or not. They could also post on the event’s wall on your behalf. Apps will no longer be able to see an event’s guest list or post on its wall.

What this means: Apps you might’ve used for events, like ticketing sites or calendars, might need to be updated to keep working with Facebook.

Groups: Apps currently need permission from a member to access information in groups, and from an administrator to access information in secret groups. In the past, that’s included things like names, profile photos, posts, and comments. In the future, all apps will need administrator approval for access, and they won’t get users’ personal information.

What this means: Much like apps for events or managing pages, apps used to manage groups could break until they’re updated.