Mark Zuckerberg (finally) admits huge data scandal is “a breach of trust” between Facebook and its users

But the Facebook CEO’s mea culpa is way too little and way too late.

The news: Mark Zuckerberg finally broke his silence over a massive data scandal that had been festering for days. The furor was triggered by revelations that Cambridge Analytica (CA), a data-mining firm involved in the 2016 Trump election campaign, had gained unauthorized access to information about tens of millions of Facebook users.

The mea culpa: Although Zuckerberg blamed CA and Aleksandr Kogan, a researcher, for misleading the social network about whether they had deleted user data, he also admitted that the affair was “a breach of trust between Facebook and the people who share their data with us and expect us to protect it.” 

Tip of a data iceberg: Zuckerberg said Facebook will conduct an audit of all apps that accessed large amounts of customer data before it tightened access rules in 2014, investigate those that engaged in suspicious activity, and ban them if they have broken its rules. It plans to tell customers whose data was abused. 

Developer crackdown: The social network will also restrict the data developers can access when someone signs up to an app, and revoke access to data in any app that hasn’t been used for three months. Developers will also have to sign a digital contract with a user to get access to data beyond a name, profile photo, and e-mail address. Zuckerberg said Facebook also plans to let users see what apps are using their data and to control permissions directly from their News Feed. Right now, such tools are buried more deeply in Facebook’s privacy controls. 

Too late and too little: There are still plenty of unanswered questions, such as why Facebook failed to report Cambridge Analytica’s failure to delete user data when it learned about if from journalists in 2015. Why weren’t the steps outlined above—and more—taken then rather than years later? And there’s still a deeply worrying lack of transparency over exactly how Facebook—and third parties—use customers’ data to target advertising and other services. Zuckerberg’s steps are the equivalent of applying a Band-Aid to a massive, festering wound that requires serious surgery to fix it—assuming that’s even possible given the contradictions inherent in Facebook’s surveillance-driven business model. 

The end of the beginning: This isn’t by any means the beginning of the end of Facebook’s CA-related headaches, which include multiple government probes on both sides of the Atlantic, scathing criticism from former insiders, and the prospect of an avalanche of lawsuits.