Facebook India Thursday informed the government of this breach in its response to a notice issued by the Ministry of Electronics and Information Technology.
New Delhi: The privacy of more than 5 lakh Indian users of Facebook was compromised by a company that later sold the data to Cambridge Analytica. And it took just 335 Indian Facebook users to do that.
The quiz app ‘thisisyourdigitallife’ was installed by 335 Facebook users living in India between November 2013 and December 2015, a Facebook India spokesperson has told ThePrint.
Facebook India Thursday informed the government of this breach in its response to a notice issued by the ministry of electronics and information technology.
The app scraped data of not just these 335 users but also their friends and then their friends — thus eventually scraping data of 5,62,120 users besides the original 335 who had installed the app. The app was pushed on to Facebook users by a company called Global Science Research, run by Dr Aleksandr Kogan, a psychology researcher at the University of Cambridge.
The data scraping went on until Facebook suspended the app from its platform in December 2015, after a report in The Guardian revealed that Kogan sold the data to Cambridge Analytica, which used it to target voters in the 2016 US elections. This, Facebook said, was in violation of its terms.
Facebook hasn’t revealed who these 335 users in India were or where they were located. However, beginning Monday, 9 April, Facebook India will inform all 5,62,455 users in India that their account privacy had been breached by the app.
It is not known what Cambridge Analytica did with the Indian data, and if it was used in any election campaign in India. The Indian government sent Cambridge Analytica a notice, but is yet to receive a reply.
Facebook has put out country-wise numbers of users whose privacy was violated by the app. The 335 installs of the app in India constitute just 0.1 per cent of its total app installs. The total figure of 5,62,455 users accounts for 0.6 per cent of total accounts breached worldwide.
Facebook says it does not know exactly what data was scraped and stored or what GSR or Cambridge Analytica did with it. In its response to the Indian government, Facebook has suggested that it reach out directly to the UK regulator to know how Cambridge Analytica may have used the data of Indian users.
Facebook has also said it is investigating if any other apps have similarly violated privacy of users, scraping their data and misusing it.
Facebook had asked GSR and Cambridge Analytica to delete all data they had collected, which they said they had done. But Facebook later learnt that they hadn’t completely destroyed the data, as a result of which it banned Kogan and Cambridge Analytica from the platform.
If users install an app, they give consent to sharing private information — but their friends do not. In December 2015, Facebook had disallowed external apps from scraping data of “friends of friends”.
Now, in sweeping privacy changes the company announced Thursday it had made it tougher for third-party apps to scrape through Facebook for any data. Apps wanting to do so will have to be approved by Facebook on a case-by-case basis, a decision that had earlier been left to users alone.
Facebook has also disabled the feature that allowed anyone to find users with their phone numbers or email addresses, as this was being misused by “malicious actors”.