Facebook (FB) has vowed to make a litany of changes in how it collects and uses your data, from banning some external apps to giving users more "control."
It has made similar promises for.
Data is Facebook's lifeblood -- it's what makes the company's advertising effective, and that's where almost all its revenue comes from. So data isn't going away. "That would be a paid product," said Facebook's Sheryl Sandberg on NBC's Today show.
But Facebook does need to overhaul how it handles data, and it has announced at least eight changes in the three weeks since the Cambridge Analytica controversy first emerged.
1. Inform those possibly affected by Cambridge Analytica
As many as 87 million people have had data revealed to third parties, according to Facebook's recent estimate, and the company is letting them know.
"Facebook will alert anyone whose data may have been improperly used by Cambridge Analytica," the company said. Users "whose information may have been improperly used by This Is Your Digital Life and Cambridge Analytica .... will get a link to the Facebook Help Center page with a tool that will tell them if and how their data may have been misused."
These tools started rolling out at noon ET on Monday, April 9.
2. Put app settings in one place
Facebook has promised to centralize its privacy app settings, an effort it began Monday morning.
"When you log into Facebook you will see a message at the top of your News Feed with a link to any apps you've used, any you have deleted, along with a way to delete those apps and thus stop them from using your data," the company said. "Everyone on Facebook will receive this message over the coming weeks."
3. Tighten apps' access to data
Say you took a personality quiz on Facebook, circa 2013. You might have shared your email address, your birth date, your likes or your location. Facebook says it's greatly reducing the info you'll share: "We're reducing the data you give an app when you approve it to only your name, profile photo, and email address," founder and CEO to the House Energy and Commerce committee. (Research shows that it's possible to identify an individual with just their name and email, or with three data points.)
Facebook's chief technology officer laid out the details in a post on Wednesday. "We will ... no longer allow apps to ask for access to personal information such as religious or political views, relationship status and details, custom friends lists, education and work history, fitness activity, book reading activity, music listening activity, news reading, video watch activity, and games activity," he wrote.
The company has also reduced the information that apps can access from Facebook groups, events and pages. Apps that want to access Pages, a public-facing feature that anyone like a business or a celebrity can create, "will need to be approved by Facebook," he said -- which was not the case before.
Apps that have access to groups will not be able to see the group's membership, and apps that have access to events won't be able to see the event attendance or posts on the event's wall.
And access will be restricted to "only apps we approve that agree to strict requirements," the company said, without specifying what those requirements would be.
4. Cut off dormant apps
Aside from letting users turn off particular apps, Facebook has said it will cut off data access for any apps within three months of inactivity. "We're removing developers' access to data if you haven't used their app in three months," Zuckerberg's testimony says.
It's worth remembering that these changes to apps don't affect how much information Facebook itself collects about you -- it's still able to see things like your relationship status, political views and video viewing history, preserving its ability to serve you targeted ads. That's critical for a company that makes 98 percent of its revenue from advertising.
5. Make it harder to find people
Until recently, it was possible to find a person's Facebook profile by searching for their email or phone number. Facebook disabled this feature last week after it became known that "malicious actors" used this feature to acquire public profile information from many accounts.
6. End some types of targeted advertising
Last month, Facebook said it was ending an ad program that allowed marketers to pair information about a user's offline activities with their Facebook profile. This program, called "Partner Categories," used data gathered from other companies like Acxiom (ACXM), Experian and Oracle Data Cloud (ORCL).
"These categories allow you to further refine your targeting based on information compiled by these partners, such as offline demographic and behavioral information like homeownership or purchase history," Facebook explained when it introduced the program in 2013.
The program will wind down over the next six months, Facebook said, explaining that the step would "help improve people's privacy on Facebook."
7. Disclose information on advertisers
After Facebook was found to have prepared remarks, and "advertisers will have to show you who paid for [ads]."in the run-up to the 2016 election, the company promised to disclose information on purchasers of political ads as well as "issue" ads. Advertisers will have to be "authorized" by disclosing their location and identity to Facebook, Zuckerberg said in his
Facebook also said it's working on a tool that will let anyone see all the ads running on a page.
In December, Facebook introduced a tool to alert users who may have followed or liked pages created by the Russia's Internet Research Agency, known as the Kremlin's propaganda outlet. It works on Facebook-owned Instagram as well as Facebook, but it does not show whether someone saw ads linked to those groups, as critics pointed out.
Facebook has also reversed its former lukewarm stance on the "Honest Ads Act." That bill, introduced by a bipartisan group of senators in October, would require online political ads to disclose who paid for them. (This is already a requirement for ads on TV and in print.)
The tech industry initially tried to head off the legislation, with one trade association pitching self-regulation as an alternative. Facebook, Google (GOOG) and Twitter (TWTR) all promised to improve their handling and disclosure of political ads.
But on Friday, Zuckerberg came out in support of the bill. "Election interference is a problem that's bigger than any one platform, and that's why we support the Honest Ads Act. This will help raise the bar for all political advertising online," he said in a post.
8. Research the role of social media in elections
On Monday morning, Facebook announced the creation of a new initiative to conduct "independent, credible research about the role of social media in elections, as well as democracy more generally."
Facebook said it will develop requests for research proposals (with the help of a commission of researchers) and, when appropriate, provide "privacy-protected datasets" for researchers to analyze. Facebook said "will not have any right to review or approve their research findings prior to publication."
Seven different foundations are funding the effort. (It's not clear if Facebook is offering cash in addition to data sets. The announcement made no mention of Facebook funding the initiative.)
It's not the first time the company has responded to criticism by partnering with affected groups. Slightly over one year ago, Facebook launched its Journalism Project, an effort to smooth relations with an industry that largely sees itself as damaged by Facebook. It's not clear if anything has changed, though: One critic called the project "a public relations exercise aimed at placating publisher critics."