NEW YORK (AP) - Facebook revealed Wednesday that tens of millions more people might have been exposed in the Cambridge Analytica privacy scandal than previously thought and said it will restrict the user data that outsiders can access.
Facebook is facing its worst privacy scandal in years following allegations that Cambridge Analytica, a Trump-affiliated data mining firm, used ill-gotten data from millions of users to try to influence elections. Facebook said Wednesday that as many as 87 million people might have had their data accessed - an increase from the 50 million disclosed in published reports.
This Monday, all Facebook users will receive a notice on their Facebook feeds with a link to see what apps they use and what information they have shared with those apps. They'll have a chance to delete apps they no longer want. Users who might have had their data shared with Cambridge Analytica will be told of that. Facebook says most of the affected users are in the U.S.
With outsiders' access to data under scrutiny, Facebook outlined several changes to further tighten its policies.
Facebook is restricting access that apps can get about users' events, as well as information about groups such as member lists and content. In addition, the company is also removing the option to search for users by entering a phone number or an email address. While this helped individuals find friends, Facebook says businesses that had phone or email information on customers were able to collect profile information this way.
This comes on top of changes announced a few weeks ago. For example, Facebook has said it will remove developers' access to people's data if the person has not used the app in three months.
Although Facebook says the policy changes aren't prompted by recent events or tighter privacy rules coming from the EU, it's an opportune time. It comes as Zuckerberg is set to appear April 11 before a House committee - his first testimony before Congress. Separately, the U.S. Federal Trade Commission and various authorities in Europe are investigating.
Almost always, critics say, the changes meant a move away from protecting user privacy toward pushing openness and more sharing. On the other hand, regulatory and user pressure has sometimes led Facebook to pull back on its data collection and use and to explain things in plainer language - in contrast to dense legalese from many other internet companies.
The policy changes come a week after Facebook gave its privacy settings a makeover. The company tried to make it easier to navigate its complex and often confusing privacy and security settings, though the makeover didn't change what Facebook collects and shares either.
The previous policy did not mention call logs or text histories. Several users were surprised to learn recently that Facebook had been collecting information about whom they texted or called and for how long, though not the actual contents of text messages. It seemed to have been done without explicit consent, though Facebook says it collected such data only from Android users who specifically allowed it to do so - for instance, by agreeing to permissions when installing Facebook.
Facebook also added clarification that local laws could affect what it does with "sensitive" data on people, such as information about a user's race or ethnicity, health, political views or even trade union membership. This and other information, the new policy states, "could be subject to special protections under the laws of your country." But it means the company is unlikely to apply stricter protections to countries with looser privacy laws - such as the U.S., for example. Facebook has always had regional differences in policies, and the new document makes that clearer.