The social media giant said it would be notifying the users affected after a bug in its “audience selector” tool automatically made posts public.
“We have fixed this issue and starting today we are letting everyone affected know and asking them to review any posts they made during that time,” said Erin Egan, Facebook’s chief privacy officer, adding: “We’d like to apologise for this mistake.”
Affected users had the privacy settings of their posts automatically set to be shared to “everyone”, even if they had chosen a setting which restricted who could see them.
Facebook said users who were affected by the bug will be notified of the issue on their news feed.
The bug affected Facebook’s internal systems between 18 and 22 May; the social media company was not able to return the posts to their original settings until 27 May.
The proactive admission comes after the company was forced to admit that up to 87 million people may have had their personal information taken by a third party.
While being questioned by US Congress, the company’s chief executive and founder Mark Zuckerberg admitted his personal data was among that improperly acquired by election consultancy firm Cambridge Analytica.
The UK’s data watchdog, the Information Commissioner’s Office, explained to Sky News that as Facebook’s European headquarters are in Dublin, the EU-wide GDPR regulations require the Irish Data Protection Commission (DPC) to take the lead on this case on behalf of EU member states.
The UK’s deputy information commissioner, Steve Wood, told Sky News: “The UK public can be reassured that the ICO will support the Irish data commissioner if required to ensure Facebook takes the appropriate steps to resolve this matter.”
Ireland’s DPC said it was “notified by Facebook Ireland on 27 May 2018 regarding a software issue related to the Facebook platform.
“The DPC is currently engaging with Facebook to analyse this issue in detail and we understand from Facebook that this software issue has been resolved.”