I led Facebook’s efforts to fix privacy problems on its developer platform in advance of its 2012 initial public offering. What I saw from the inside was a company that prioritized data collection from its users over protecting them from abuse. As the world contemplates what to do about Facebook in the wake of its role in Russia’s election meddling, it must consider this history. Lawmakers shouldn’t allow Facebook to regulate itself. Because it won’t. For a few years, Facebook’s developer platform hosted a thriving ecosystem of popular social games. Remember the age of Farmville and Candy Crush? The premise was simple: Users agreed to give game developers access to their data in exchange for free use of addictive games. Unfortunately for the users of these games, there were no protections around the data they were passed through Facebook to outside developers. Once data went to the developer of a game, there was not much Facebook could do about misuse except to call the developer in question and threaten to cut off the developer’s access. As the I.P.O. approached, and the media reported on allegations of misuse of data, I, as manager of the team responsible for protecting users on the developer platform from abuse of their data, was given the task of solving the problem.
