1.Review our platform.  We will investigate all apps that had access to large amounts of information before we changed our platform in 2014 to reduce data access, and we will conduct a full audit of any app with suspicious activity. If we find developers that misused personally identifiable information, we will ban them from our platform.

2.Tell people about data misuse.  We will tell people affected by apps that have misused their data. This includes building a way for people to know if their data might have been accessed via “thisisyourdigitallife.” Moving forward, if we remove an app for misusing data, we will tell everyone who used it.

Facebook

3.Turn off access for unused apps.  If someone hasn’t used an app within the last three months, we will turn off the app’s access to their information.

4.Restrict Facebook Login data.  We are changing Login, so that in the next version, we will reduce the data that an app can request without app review to include only name, profile photo and email address. Requesting any other data will require our approval.

5.Encourage people to manage the apps they use.  We already show people what apps their accounts are connected to and control what data they’ve permitted those apps to use. Going forward, we’re going to make these choices more prominent and easier to manage.

6.Reward people who find vulnerabilities.  In the coming weeks we will expand  Facebook’s  bug bounty program  so that people can also report to us if they find misuses of data by app developers.