Restricting Data Access and Protecting People's Information on Facebook

Two weeks ago, we promised to take a hard look at the information apps can use when people connect them to Facebook as well as other data practices. Today, we're providing an update on the steps we're taking to better protect people's Facebook information. First, we're changing our platform APIs to be more restrictive across the following areas.

1. Apps using the Events API will no longer be able to access the guest list or posts on the event wall. And in the future, only apps we approve that agree to strict requirements will be allowed to use the Events API.
2. All apps using the Groups API will need approval from Facebook and an admin to ensure they benefit the group. Apps will no longer be able to access the member list of a group. And we're also removing personal information, such as names and profile photos, attached to posts or comments that approved apps can access.
3. We want to make sure Page information is only available to apps providing useful services to our community. So starting today, all future access to the Pages API will need to be approved by Facebook.
4. Effective today, we are speeding up the previously announced deprecation of the Instagram API Platform. You can find more information about this here.

We also recently announced important changes to Facebook Login. Starting today, Facebook will need to approve all apps that request access to information such as check-ins, likes, photos, posts, videos, events and groups. We started approving these permissions in 2014, but now we're tightening our review process—requiring these apps to agree to strict requirements before they can access this data. We will also no longer allow apps to ask for access to personal information such as religious or political views, relationship status and details, custom friends lists, education and work history, fitness activity, book reading activity, music listening activity, news reading, video watch activity, and games activity. In the next week, we will remove a developer's ability to request data people shared with them if it appears they have not used the app in the last ten months.

You can learn more about all these changes on the Developer blog.

If your business or service was impacted by these changes and you have an urgent issue in need of resolution, please fill out this form and someone from our team will get in touch with you.

Beyond these changes, we've also identified other product areas where we will restrict the way others access our tools including:

• Search and account recovery
• Call and text messaging histories
• Data providers and targeting ads

We believe these changes will better protect people's information while still enabling developers to create useful experiences. We know we have more work to do, and we'll keep you updated as we continue to make more changes.