Facebook’s Groups API causes data privacy concerns

November 4, 2019

Facebook wants to avoid another data privacy blunder. The company is quickly trying to address a problem it found with its Groups API access.

Last year, in an effort to better protect users privacy, Facebook removed and restricted a number of developer APIs — Groups API was one of these restricted APIs. Before restrictions were added, the API enabled group admins to provide developers with access to the group’s information. As part of the changes, the API restricts the type of information app developers can access such as the group’s name, number of users, and posts. Group members have to opt-in if they want to provide developers with additional information like name and pictures.

RELATED CONTENT: GDPR one year later: Slow compliance, lax enforcement

However, Facebook recently discovered that some apps still retained access to group information from the Groups API. Facebook has removed that access and is actively trying to reach out to about 100 partners who may have accessed the information since the restrictions were put in place.

‘We know at least 11 partners accessed group members’ information in the last 60 days. Although we’ve seen no evidence of abuse, we will ask them to delete any member data they may have retained and we will conduct audits to confirm that it has been deleted,” Konstantinos Papamiltiadis, director of developer platforms and programs at Facebook, wrote in a post. “These were primarily social media management and video streaming apps, designed to make it easier for group admins to manage their groups more effectively and help members share videos to their groups.”