Facebook violated self-imposed data protection requirements

Facebook actually no longer wants to share data with apps that have not been used for more than 90 days. In some cases, however, this has happened.

Facebook has breached a voluntary commitment not to give data to apps that have not been used for more than 90 days. The network admitted this on Wednesday (local time) in a blog entry. After the Cambridge Analytica scandal, this rule was laid down in 2018. However, it has recently been noticed that in some cases apps will continue to receive the data if the app has not been used in the past 90 days. It was the data that had previously been released by the users.

As an example, Facebook cited a fitness app that a user uses to invite his friends from his hometown to a workout. Facebook did not recognize that some of his friends had been inactive for many months and should not have received the notification.

“Based on the data from the past few months that are available to us, we currently assume that this problem enabled around 5000 developers to receive information – such as language or gender – even after 90 days of inactivity”, the blog entry continues. However, no evidence was seen that this problem resulted in information being exchanged that did not match the permissions granted to people when they logged in via Facebook.

Facebook said it closed the gap immediately. “We will continue to investigate the issue and continue to prioritize transparency for major updates.”