It was revealed that a data broker has been buying Facebook user information from app developers and as a result has placed some developers on a six-month suspension. The announcement made on Facebook developers’ blog, comes on the heels of the revelation that many popular Facebook apps were transmitting user IDs which can be used to look up a users’ names and, in some cases, the names of the app user’s friends to a series of advertising and data firms.
According to Facebook’s developers’ blog: “As we examined the circumstances of inadvertent UID transfers, we discovered some instances where a data broker was paying developers for UIDs. While we determined that no private user data was sold and confirmed that transfer of these UIDs did not give access to any private data, this violation of our policy is something we take seriously. As such, we are taking action against these developers by instituting a 6-month full moratorium on their access to Facebook communication channels, and we will require these developers to submit their data practices to an audit in the future to confirm that they are in compliance with our policies. This impacts fewer than a dozen, mostly small developers, none of which are in the top 10 applications on Facebook Platform“. Facebook didn’t identify the data broker that was purchasing user information but did say it had reached an agreement with Rapleaf, a San Francisco-based data aggregation company that was previously identified as receiving some user information. Facebook said that Rapleaf has agreed to delete all user ID information in its possession. Facebook said it “never sold and will never sell user information” and has a “zero tolerance for data brokers because they undermine the value that users have come to expect from Facebook.”
The social-networking giant has blamed the issue on “referrer URLs,” which tells sites which Websites directed Internet users to sites, and proposed a technical solution to prevent future transfers. Facebook also announced it had modified its policy to require developers to use the anonymous identifiers when working with ad networks.