The revelation is likely to result in yet another round of criticism for the tech giant, more than three months after federal regulators slapped it with a $5 billion fine and other punishments after allegations that it mishandled its users’ personal information. The settlement, which did not require Facebook to admit guilt, is pending approval in federal court and would require the company to be more vigilant about apps on its platform.
Since the Federal Trade Commission brokered that deal with Facebook, other incidents have come to light. In September, Facebook said it suspended “tens of thousands” of apps that may have mishandled user data, including some that may have had large followings, court documents at the time revealed.
“Although we’ve seen no evidence of abuse, we will ask them to delete any member data they may have retained and we will conduct audits to confirm that it has been deleted,” Konstantinos Papamiltiadis, the director of platform partnerships at Facebook, said in the blog post.
The company did not respond for requests for comment.
The trouble appears to stem from a functionality in Facebook’s groups service. Before April 2018, administrators for groups could authorize apps, which could access information about users in that group. After April 2018, Facebook said it imposed restrictions on developers, who would have to obtain group members’ permission before collecting information such as their name and profile photo.
On Tuesday, Facebook announced it had “found that some apps retained access to group member information, like names and profile pictures in connection with group activity, from the Groups API, for longer than we intended.”