Facebook has hired an outside auditing firm to figure out if Cambridge Analytica, the analytics firm used by President Donald Trump during the 2016 election, still has Facebook user data it promised to destroy back in 2015.
The audit, which Facebook says Cambridge Analytica will comply with, is the latest move to stem a controversy that erupted over the weekend.
The gist: The social giant suspended Cambridge Analytica from Facebook on Friday, claiming it was suddenly unsure if the firm had deleted data for millions of Facebook users it had obtained in 2015 in a way that violated Facebook’s terms of service. Cambridge Analytica told Facebook the data was deleted at the time — and still maintains that it was — but reports in both the New York Times and the Observer on Saturday found otherwise.
Now Facebook is actually taking action to determine if user data for roughly 50 million people still exists. The company has hired Stroz Friedberg, a digital forensics firm focused on cybersecurity, to run the audit.
“If this data still exists, it would be a grave violation of Facebook’s policies and an unacceptable violation of trust and the commitments these groups made,” Facebook wrote in a blog post Monday. “We are moving aggressively to determine the accuracy of these claims.”
Regardless of what Facebook finds, there are still issues with its data policies. Many third-party developers have access to Facebook user data through the company’s APIs, and it is only after these developers knowingly break the rules that Facebook can punish them. While an audit will hopefully help clear up the situation with Cambridge Analytica, it doesn’t mean that other developers aren’t abusing Facebook’s systems in the same way.
Facebook says it takes pains to ensure developers who use its APIs do so appropriately, but as the Cambridge Analytica story shows, companies with negative intentions can still find ways around the policies.
“We also want to be clear that today when developers create apps that ask for certain information from people, we conduct a robust review to identify potential policy violations and to assess whether the app has a legitimate use for the data,” Facebook’s post continues. “We actually reject a significant number of apps through this process.”
This article originally appeared on Recode.net.