Facebook will deny those application developers access to "communication channels" for six months, wrote Mike Vernal, on Facebook's blog, late on Friday. The developers number fewer than a dozen, he said.
[ Also on InfoWorld: Robert X. Cringely reveals how online advertisers are selling you out. | Stay ahead of the key tech business news with InfoWorld's Today's Headlines: First Look newsletter. | Read Bill Snyder's Tech's Bottom Line blog for what the key business trends mean to you. ]
The developers were being paid by a data broker for user IDs, unique numerical identifiers assigned to the site's users, which can appear in a URL when they use the site.
As a result, "we will require these developers to submit their data practices to an audit in the future to confirm that they are in compliance with our policies," Vernal wrote. "This impacts fewer than a dozen, mostly small developers, none of which are in the top 10 applications on Facebook Platform."
After an investigation into online privacy by the Wall Street Journal, Facebook said last month that in some cases user IDs were inadvertently being passed on to applications, which is against Facebook's policy. The situation was due to a Web standard called referral URLs that lets a website know where a person was previously browsing.
The user IDs do not contain personal information, but could lead to information that the person has chosen to display publicly. The latest revelation, however, shows that some application developers were then passing those user IDs to a data broker. Those brokers typically compile information to sell to advertising networks so users can be targeted with ads that are related to their personal interests.
"Facebook has never sold and will never sell user information," Vernal said. "We also have zero tolerance for data brokers because they undermine the value that users have come to expect from Facebook."
The brokers claim the information is made anonymous enough so that an individual users can't be identified, but privacy activists often question their methods.
Vernal wrote that Facebook is working on a "technical solution" to prevent inadvertent passing of user IDs, and will also work with browser vendors on the issue.
The technical fix, to be released next week, will allow application developers to share a unique but anonymous identifier with permitted third parties such as content partners, advertisers or service providers, Vernal wrote.
Facebook will also mandate that user IDs can't leave an application. Developers will still be allowed to use services such as Akamai and Amazon Web Services as long as the services keep the user IDs confidential, Vernal wrote.