Imagine you were developing a model to reach vulnerable US voters, that you could tailor based on data from 87 million users…

Facebook Says Data on 87 Million Users May Have Been Improperly Shared: Facebook’s Zuckerberg to testify before House Committee on April 11

Facebook CEO Mark Zuckerberg is scheduled to go before the U.S. House Energy and Commerce Committee for questioning on digital privacy.
Facebook CEO Mark Zuckerberg is scheduled to go before the U.S. House Energy and Commerce Committee for questioning on digital privacy. PHOTO: STEVEN SENNE/ASSOCIATED PRESS

WASHINGTON— Facebook Inc. said it believes that information on as many as 87 million of its users may have been improperly shared with an analytics firm tied to the 2016 campaign of President Donald Trump, a larger number than had been previously reported.

The disclosure comes as the company is stepping up its efforts to repair trust with regulators and the public in the wake of several controversies tied to the election. Earlier Wednesday, U.S. lawmakers announced that Facebook founder and Chief Executive Mark Zuckerberg has agreed to testify on Capitol Hill on how the company handles data related to its 1.4 billion daily users, globally.

Facebook has come under heavy criticism after it was revealed earlier this year that the analytics firm, Cambridge Analytica, obtained Facebook user information on tens of millions of users. The social-media giant also faces questions over the proliferation of “fake news” and the presence of Russian operatives on the service during the race.

Facebook disclosed the new figure—up from 50 million previously reported—in a statement laying out several updates to the way the Facebook service works, moves intended to better protect the privacy of users and increase their control over how their personal information is shared.

Related Video: The Key to Understanding Facebook’s Current Crisis

Facebook’s current data crisis involving Cambridge Analytica has angered users and prompted government investigations. To understand what’s happening now, you have to look back at Facebook’s old policies from 2007 to 2014. WSJ’s Shelby Holliday explains. Illustration: Laura Kammerman

The company said it will soon allow users to see if their data may have been shared with Cambridge Analytica. Facebook, which has 184 million users in the U.S. and Canada, said most of the users affected were in the U.S.

Mr. Zuckerberg is scheduled to appear on April 11 before the House Energy and Commerce Committee, which oversees many telecommunications and internet policy issues. The hearing will focus on “the company’s use and protection of user data,” the panel said in its announcement, but lawmakers can also press Mr. Zuckerberg on other matters.

A Facebook spokesman confirmed Mr. Zuckerberg would appear before the House committee and said conversations are continuing about other possible hearings. Mr. Zuckerberg is scheduled to hold a conference call with reporters Wednesday afternoon. Two Senate committees also are interested in having Mr. Zuckerberg appear.

The House hearing is expected to place Mr. Zuckerberg in the kind of ​unpredictable spectacle he has largely avoided. His public appearances, in town-hall gatherings or during his tour of America last year, are often tightly scripted. Mr. Zuckerberg recently declined to appear before a U.K. parliamentary committee seeking evidence on how companies acquire user data from Facebook, choosing to send a deputy instead.

Mr. Zuckerberg’s first public testimony before Congress marks a pivotal moment for the 14-year-old company, coming at a time of mounting tension with regulators and lawmakers.

A series of revelations over the past year have shaken user trust in Facebook’s products. On March 16, Facebook acknowledged that user data was improperly obtained by Cambridge Analytica. Six months before that, Facebook disclosed that it had been exploited by Russian-backed propagandists in an attempt to sow divisions in the U.S.

Facebook has been taking a number of steps to address criticisms from its users, regulators and lawmakers. On Tuesday, Facebook announced that it had identified and removed a new batch of 135 accounts on its site linked to Russia’s Internet Research Agency troll farm.

To address concerns about privacy, the social network is releasing greater detail about how it collects and deploys vast troves of information about users, proposing revisions to its terms of service and data policy on Wednesday. The documents mark the company’s first major update to its privacy disclosures since 2015.

The proposed policies don’t ask users for new permissions or change the preferences users have set in the past, but instead lay out more information about how the social network operates. The documents describe how Facebook uses data to customize the posts and ads that users see and the circumstances under which it shares data, among other things. The revised terms also remind users that Facebook shares information with its Instagram, WhatsApp and Oculus units.

The policy revision builds on an announcement Facebook made in late March that it will make it simpler for users to examine and change some of their data that the social network tracks.

“This is about making the information about how we use people’s data and how people can control it more clear,” Rob Sherman, deputy chief privacy officer at Facebook, said in an interview. He said Facebook has been working on the proposed policies for months and will seek public comments before implementing them.

How Facebook articulates its terms of service to its users is important because Facebook has previously come under fire from the Federal Trade Commission. The agency in 2011 said Facebook deceived consumers by telling them they could they could keep their information on Facebook private, but then allowed it to be made public. A subsequent settlement between the FTC and Facebook required the company to give consumers notice before sharing their information beyond their data settings. The FTC is now investigating Facebook over how Cambridge Analytica used Facebook data.

Facebook’s Mr. Sherman said protecting people’s privacy is critically important to the company, but didn’t comment further on Facebook’s interactions with the FTC. “One of the ideas underlying the FTC consent decree is that we should be clear with people about how we use their information and give them meaningful choices around that,” Mr. Sherman said. “And that is what we are trying to do with this update.”

Write to John D. McKinnon at and Georgia Wells at

Facebook says Cambridge Analytica may have gained 37m more users’ data

  • Company reveals up to 87m people may have been affected
  • Larger figure buried in penultimate paragraph of blogpost

This larger figure was buried in the penultimate paragraph of a blogpost by the company’s chief technology officer, Mike Schroepfer, published on Wednesday, which also provided updates on the changes Facebook was making to better protect user information.

The news comes a week before CEO Mark Zuckerberg is due to face questioning from members of Congress over the data scandal. He will appear before the House energy and commerce committee on Wednesday 11 April.

In his blogpost, Schroepfer outlined sweeping changes to the way third-party developers can interact with Facebook via APIs, the digital interfaces through which third parties can interact with and extract data from the platform.

The company will no longer allow developers to access the guest list or wall posts of an event scheduled on Facebook, while developers seeking to access the data of Facebook group members will first need to get the permission from a group administrator to ensure “they benefit the group”.

Facebook is also tightening its review process for apps that request access to information such as check-ins, likes, photos and posts, making developers agree to strict requirements. Apps will no longer be allowed access to personal information such as religious or political views, relationship status, education, work history, fitness activity, news habits and activity related to news, video and games consumption.

The company is also removing a tool that allows people to search for someone on Facebook using their phone number or email address because, Schroepfer said, “malicious actors have also abused these features to scrape public profile information”.

“Overall, we believe these changes will better protect people’s information while still enabling developers to create useful experiences. We know we have more work to do – and we’ll keep you updated as we make more changes,” he added.

The updates come two weeks after the Observer revealed that the data analytics firm that worked with Donald Trump’s election team and the Brexit campaign acquired millions of profiles of US citizens and used it to build a software program to predict and influence voters. Facebook discovered the information had been harvested by a third party in late 2015, but failed to alert users at the time.

The data was collected through an app called thisisyourdigitallife, built by Cambridge University academic Aleksandr Kogan through his company Global Science Research in collaboration with Cambridge Analytica. Hundreds of thousands of users were paid a small fee to take a personality test and they consented to have their data collected.

However, the app also harvested the information of the participants’ friends, which allowed for the accumulation of data from tens of millions of Americans.

Facebook first discovered that Kogan had improperly shared the information with Cambridge Analytica when a Guardian journalist contacted the company about it at the end of 2015. At the time Facebook asked Cambridge Analytica to delete the data and revoked Kogan’s access to the Facebook API, the interface through which third parties interact with the social network.

After the Observer contacted Facebook three weeks ago with testimony from a whistleblower stating that Cambridge Analytica had not deleted the data, Facebook has announced a series of measures to prevent future data leaks.

Zuckerberg said the company would investigate apps that had access to “large amounts of information” and audit any apps that show “suspicious activity”. The company said it would also inform those whose data was “misused”.

Last week the company announced plans to shut down a feature allowing “data brokers” such as Experian and Oracle to use their own reams of consumer information to target social network users.