NEW YORK (Reuters Breakingviews) - Mark Zuckerberg’s slow defense reveals real weakness. The Facebook founder finally explained how users’ information was harvested - four days after the incident was revealed by press reports. But his promise to tighten controls rings hollow. The trouble is the social network is built on data. Truly securing it may blow up its business.

According to Zuckerberg’s timeline, in 2013 a UK researcher created a personality-quiz app, and about 300,000 Facebook members installed it. Through them, the app was able to access data on millions of these users' friends. In 2015, Facebook found out from journalists at The Guardian newspaper that the researcher had shared the data with Cambridge Analytica. Last week the company learned from the New York Times and Observer that Cambridge Analytica may not have deleted the data, as Facebook had asked.

It’s one thing for users to provide data to an app, but snaring in all of their friends – without their knowledge – is at best a dodgy practice. Zuckerberg says Facebook addressed the problem in 2014, but remember this is a man who defined the corporate ethos as moving fast and breaking things. Fixing the damage after it’s done is small consolation. In this case, the company didn’t pursue the matter vigorously or disclose much until forced to do so.

Chief Operating Officer Sheryl Sandberg was no more forthcoming. Her statement echoed Zuckerberg’s, including the company’s plans to reduce the data users give to other apps when using Facebook to log in.

The reluctance of the two executives to quickly respond suggests an insular corporate culture that doesn’t want to hear about problems. It’s telling that a plaque outside Sandberg’s conference room reads “Good News Only,” according to Time magazine.

The best way to secure the data completely is to not gather or sell it at all. But that would undermine the company’s ability to sell targeted advertising, a business that vacuumed up nearly 20 percent of U.S. digital-ad revenue last year and has made Facebook the sixth-most valuable U.S. public company, worth nearly $500 billion. There ought to be a happy medium of greater data protections that would rebuild customers’ trust, even if it dents the bottom line. If Facebook doesn’t find it, customers will bolt, damaging profitability anyway.

When Facebook went public in 2012 Zuckerberg defined its mission in a simple phrase: “we don’t build services to make money; we make money to build better services.” It’s time he put that into practice.

 

 

CONTEXT NEWS

- Mark Zuckerberg said on March 21 that Facebook had made mistakes in how it handled customer data after information from about 50 million users ended up at data-analytics firm Cambridge Analytica. “We have a responsibility to protect your data, and if we can’t then we don’t deserve to serve you,” the Facebook founder said in a post, in which he pledged to address the issue.

- News reports that Cambridge Analytica had harvested information from Facebook customers without their permission broke on March 17.

- Zuckerberg said Facebook will audit apps that had access to large amounts of information prior to 2014, when the company tightened rules on access to user data. It will also put in place new restrictions on developers' access to data. Facebook will also provide a new tool making it easier for users to see which apps have access to their information, and to revoke that access.

(Editing by Tom Buerkle and Ben Kellerman) ((robert.cyran@thomsonreuters.com; jennifer.saba@thomsonreuters.com)(Reuters Messaging: robert.cyran.thomsonreuters.com@reuters.net; jennifer.sabathomsonreuters.com@reuters.net))