Facebook founder Mark Zuckerberg has admitted the social media giant “made mistakes” over the Cambridge Analytica scandal.
In his first public statement since the controversy erupted, the Facebook CEO said a “breach of trust” had occurred between it and its users.
Mr Zuckerberg said: “We have a responsibility to protect your data, and if we can’t then we don’t deserve to serve you.”
Facebook has been rocked in recent days by a row involving election consultants Cambridge Analytica, who are accused of using the platform’s data on more than 50 million Americans to help Donald Trump’s US presidential campaign target political ads on the platform.
Facebook’s settings at the time allowed app developers to access the personal data of not just the people who used their app, but of all of their friends as well.
Mr Zuckerberg said Facebook has already taken the most important steps to prevent such a situation from happening again.
He said Facebook will ban developers who do not agree to an audit, and an app’s developer will no longer have access to data from people who have not used that app in three months.
In his Facebook post, Mr Zuckerberg said: “In 2015, we learned from journalists at The Guardian that Kogan had shared data from his app with Cambridge Analytica.
“Last week, we learned from The Guardian, The New York Times and Channel 4 that Cambridge Analytica may not have deleted the data as they had certified.
“We immediately banned them from using any of our services.
“Cambridge Analytica claims they have already deleted the data and has agreed to a forensic audit by a firm we hired to confirm this. We’re also working with regulators as they investigate what happened.
“This was a breach of trust between Kogan, Cambridge Analytica and Facebook. But it was also a breach of trust between Facebook and the people who share their data with us and expect us to protect it. We need to fix that.”
The move came after a former employee of the company told MPs that Facebook had a “wild west” approach to looking after its users’ data and had “little detection” of any violations of its policies.
Whistleblower Sandy Parakilas claimed the company “had very few ways of discovering abuse or enforcing on abuse when it was discovered”.
Mr Parakilas, who worked in policy compliance and data protection for Facebook between 2011 and 2012, was giving evidence to the Digital, Culture, Media and Sport Committee (DCMS) and said that while security to protect against hacking or other attacks was very strong, the same could not be said of user data accessed by Facebook developers.
He said that, to prevent abuse of its data, Facebook created a set of policies that forbade activity such as selling user data or passing it to advertising networks, but said he had no memory of a “single physical audit of a developer’s storage” during his time there.
“But this platform… would allow [developers] to get all this data on people who hadn’t really explicitly authorised it,” he said, explaining that they were at this time able to collect data on users’ friends without the explicit permission of those friends.
“It was personally identifiable, it was your name, in some cases your email addresses, in some cases your private messages – they just basically allowed that to leave Facebook’s servers intentionally and there weren’t really controls once the data had left to make sure it was being used in an appropriate way.”
Facebook shares have slid by more than 7.6% since the first allegations were reported at the weekend by the Observer, and the firm received a backlash online – with a number of users reporting that they were deleting their accounts, including the co-founder of WhatsApp, which was bought by Facebook in 2014.
The company is also facing legal action from some of its own shareholders, who claim the company made “materially false and misleading statements regarding the company’s business, operational and compliance policies”.
The company has denied using Facebook data in its work on the president’s election campaign.
Downing Street confirmed on Wednesday that the Government employed CA parent company SCL for a contract with the Ministry of Defence, but said this had ended before the recent allegations came to light.
“We are looking across Government to see if there were any other contracts,” said a spokesman. “As the Prime Minister said, we are not aware of any current contracts.”
The Conservative Party said it had been approached by CA with a pitch for work during David Cameron’s leadership, but said this was rejected.
“The Conservative Party has never employed Cambridge Analytica or its parent company, nor used their services,” a Tory spokesman said.