Facebook has admitted that some developers have retained personal information collected by its Groups API, even after changes the social network implemented in 2018 to limit the data access external companies had with Facebook groups.

Prior to April 2018, app developers had access to the names of the members in a Facebook group, their profile pictures, as well as the group name, the number of users, and the content that was posted in the group - as long as permission was authorized by an administrator of the group. After that date, developers could only see the group name, content, and the number of members; if they wanted the other information, individuals would have to opt-in.

However, in a blog post, the social media giant has said that some developers enjoyed continued access to the profile pictures and names of members after the change to the Groups API. Further, up to 100 partners may have retained such data, and in the last 60 days 11 partners accessed group information. These apps, according to Facebook, were mostly social media management and video streaming apps: "If a business managed a large community consisting of many members across multiple groups, they could use a social media management app to provide customer service, including customized responses."

Facebook says that it has seen no evidence of abuse and will be asking app developers to delete any member data they have retained, as well as conducting audits to ensure that the data has been properly deleted.

In a statement, Facebook said that it aims to "to maintain a high standard of security on our platform and to treat our developers fairly. As we've said in the past, the new framework under our agreement with the FTC means more accountability and transparency into how we build and maintain products."

"As we continue to work through this process we expect to find more examples of where we can improve, either through our products or changing how data is accessed. We are committed to this work and supporting the people on our platform."

This is not the first time Facebook has had to investigate developer access to personal information. After the infamous Cambridge Analytica scandal the social media company had to suspend tens of thousands of apps while auditing whether developers had improper access to user data.

Further Reading