While Facebook says it has fixed a bug that may have given outside apps unintended access to the photos of 6.8 million users, the glitch is likely to increase congressional scrutiny of the social media giant’s privacy safeguards.
The incident comes amid increasing momentum for a federal privacy bill and after Facebook’s disclosure in September that hackers had compromised as many as 30 million accounts as well the discovery earlier in the year that a consultant on President Trump’s 2016 campaign improperly gained access to information on 87 million users.
While 1,500 apps may have been affected by the bug disclosed Friday, which was present from Sept. 13-25, they were all programs that had been approved by Facebook and to which users had given permission for photo access, the Menlo Park, Calif.-based company said.
Typically, when Facebook users allow third-party apps to use their photos, only images from the account holder’s timeline are made available, the firm said in a post on its website. Because of the bug, some apps had access to pictures the users shared on Marketplace or Facebook Stories as well as photos that had been uploaded but not posted.
“It’s part of our ongoing focus to be more proactive about taking responsibility for the safety of our community,” founder and CEO Mark Zuckerberg told reporters after the September hack. “We’re going to keep investing very heavily in security going forward.”
While tech companies support the idea of uniform standards as Congress weighs privacy breaches at companies from search engine Google to credit bureau Equifax, they’re keen to avoid some of the restrictions imposed in the European Union’s General Data Protection Regulation and the state of California.
Such incidents nonetheless “raise legitimate questions about what types of data exposures company are required to disclose publicly,” Rep. Jerry Nadler said during a House Judiciary Committee hearing with Google CEO Sundary Pichai earlier this week.
They also invite a focus “on how much control users should have over their own data and how such controls should be regulated,” said Nadler, whose party gained control of the House in November’s midterm elections.
Even if Congress passes a bill as soon as 2019, Shane Green, the head of digi.me, a platform designed to give users more control over their data, worries that it won’t go far enough.
The privacy principles promoted by U.S. trade groups so far — as examples of what their industries support — fall far short of Europe’s requirement that users be able to take back their information from businesses at any time, he told the Washington Examiner.
“What they’re trying to do is pay lip service to some of the ideas and principles of GDPR, but effectively put loopholes in it that create fatal flaws,” he said.
Facebook gained 0.4 percent to $145.53 in New York trading on Friday, paring its decline this year to 17 percent.
