Two years before a “data grab” on millions of users is said to have taken place, a watchdog told Facebook that relying on developers to follow information rules was, in some cases, not good enough.
A 2011 audit by Ireland’s Data Protection Commissioner (DPC) said Facebook’s security measures were “not considered sufficient” to prevent third-party apps from unauthorised use of personal data.
In 2013, Cambridge University researcher Aleksandr Kogan is alleged to have collected data from 50 million users using a quiz app before passing the information to election consultancy Cambridge Analytica (CA) in 2014.
Both Facebook and CA have denied any wrongdoing.
The billionaire said the social networking site had already stopped apps like Dr Kogan’s from accessing so much information and promised to “do better” for users.
The December 2011 report by the DPC told executives at Facebook’s international headquarters in Ireland that the watchdog “(did) not consider that reliance on developer adherence to best practice or stated policy in certain cases is sufficient to ensure security of user data”.
Facebook told the regulator that it had “proactive auditing and automated tools” that were designed to not only detect abuse by developers, but to “prevent it in the first place”.
However, the watchdog said the measures “(were) not considered sufficient by this Office to assure users of the security of their data once they have third party apps enabled”.
The company told the Sunday Telegraph that a September 2012 audit by the DPC said the firm had made “good progress”, while the company changed its platform entirely in 2014.
Mr Zuckerberg said he was “really sorry” for the “major breach of trust” and pledged to work to prevent data from being misused in future.
Adverts placed in UK papers on Sunday said: “We have a responsibility to protect your information. If we can’t, we don’t deserve it.”
The UK Information Commissioner, Elizabeth Denham, has ordered an investigation into CA that saw enforcement officers carry out a seven-hour search at its London offices.
The Information Commissioner’s Office was granted a warrant by a High Court judge to search the premises as part of its larger probe into the use of personal data and analytics by political campaigns, parties, social media companies and other commercial actors.