Introducing Information Safety Evaluation
Today we’re sharing our latest initiative to protect the management and protection of personal data on our platforms – the Privacy Rating. This is the next step among several initiatives we launched over the last year to ensure we continue to make progress in our commitment to human privacy and data security – a responsibility we share with all developers in our ecosystem.
The new data protection assessment is a questionnaire (see Appendix 2) for apps with access to advanced permissions that specifically focuses on how developers (both direct integrators and technology providers) use, share and protect platform data, as described in the Facebook platform terms. We will also ask about privacy policies and implementations of data security practices. For apps that access the highest sensitivity of user data, developers must provide evidence such as uncovered with your app and descriptions of how users can request their data to be deleted to support their responses to the assessment. All developers who receive this new privacy assessment questionnaire must submit the assessment within 60 days or risk losing platform access. This assessment will be introduced gradually from the end of July.
This is different from Data Use Checkup (DUC), which focuses on what specific permissions the app has access to and is an annual process that requires developers to confirm that their continued use of Facebook data complies with our platform policy. It is also different from App Review, a forward-looking process that blocks access to certain permissions on the Facebook platform and requires developers to submit an application to justify platform access. The combination of App Review, Data Use Checkup and Data Protection Assessment allows us to get a more complete picture of how apps access platform data and what methods they use to protect that data.
We are grateful for the way in which developers have accompanied us on our way to protecting the privacy of people on our platform and are establishing new best practices together with us.
Preparations for the data protection assessment
To prepare for the assessment, you should:
- Update your contact information in the notification settings
- Make sure your list of App Admins is up to date in the App Dashboard> Roles.
- Remove any apps that you no longer need. Think carefully about whether or not you need the app as this action may be difficult to undo. To remove an app, go to App Dashboard> Settings> Advanced.
- Read our platform terms in detail and make sure you can answer questions about how your app meets these terms.
- Read our data security best practices
What you can expect from the data protection assessment
If your app depends on this regular rating and you are the app admin, you will receive an email and a message in your app’s alert inbox when it’s time for you based on the data your app has access to is to complete the assessment. . If you miss the developer warnings, you will also see notifications for data protection ratings in your app dashboard (see Appendix 1). We’ll be rolling this out in phases over the coming weeks, so check back often.
Appendix 1: My apps page
The assessment asks questions about how you use, share, protect, and delete platform data. If your app accesses particularly sensitive data, documentation is required, which can take some time to collect. Make sure you start the assessment early so that you have enough time to complete it. You don’t have to complete the assessment in a single environment. You can save your progress and return to the assessment later.
Figure 2: Start Scoring
Here is a quick video of what to expect:
Something went wrong
There were problems playing this video.
If your app takes this exam, you will have 60 days to complete and submit the exam. Failure to submit as well as breach of our terms can lead to enforcement actions against your app.
We know that protecting people’s privacy is just as important to you as it is to us. Thank you for working with us as we continue to build a safer, more sustainable platform.