It had to happen eventually.
The Facebook/Cambridge Analytica scandal has hastened the inevitable backlash against rampant data collection and micro-targeting online. And it’s threatening to deliver a wave of regulation behind it.
The story first broke as a result of a joint investigation by The Observer and The New York Times a week ago, but many in the industry familiar with the way Facebook operates could be initially forgiven for underestimating the magnitude of the story.
Because what is now being presented as shocking — the use of social data to target the aspirations and fears of consumers — is basically standard operating procedure for your typical digital marketer.
After all, what Cambridge Analytica did wasn’t new. Indeed, that was how the Facebook platform for developers was designed to work at the time.
As Which-50 writer John Birmingham noted on his Alien Side Boob blog (on Facebook, ironically), “Mark Zuckerberg’s complaint that what they did was unauthorised and unfair is like a mad scientist complaining, ‘I built a monster-making machine, and people used it to make monsters’.”
But the details of what happened, when married to the toxic political climate in the US that Cambridge Analytica helped create, and in the midst of a long-running investigation into Russian interference in US elections, makes this data-privacy story more dramatic.
Unlike many massive data breaches of recent years — which consumers routinely shrugged off — this breach of privacy, enabled by Facebook’s wide-reaching surveillance and incompetent governance, struck a chord with the public (bad for Facebook) and with regulators (existentially awful for Facebook).
Ay, there’s the rub for Zuckerberg and the rest of the leadership team at Facebook. They are not really concerned about a wave of defections from their social network, but they are terrified that regulators will change the rules around how data can be used. That would threaten their spectacularly successful business model.
Facebook’s share price plummeted ten per cent as traders immediately priced a tougher and more unfavourable regulatory environment into its valuation. By last Thursday the company had lost $57 billion in market value.
It fell again after the FTC confirmed it had launched an investigation.
According to Tom Pahl, Acting Director of the Federal Trade Commission’s Bureau of Consumer Protection, “The FTC is firmly and fully committed to using all of its tools to protect the privacy of consumers. Foremost among these tools is enforcement action against companies that fail to honour their privacy promises, including to comply with Privacy Shield, or that engage in unfair acts that cause substantial injury to consumers in violation of the FTC Act.”
His statement also noted that companies who have settled previous FTC actions must also comply with FTC order provisions imposing privacy and data security requirements.
“Accordingly, the FTC takes very seriously recent press reports raising substantial concerns about the privacy practices of Facebook. Today, the FTC is confirming that it has an open non-public investigation into these practices.”
As well as the FTC probe, the company now faces investigations by multiple US state attorneys-general, and questions from officials in Europe — including the UK’s Information Commissioner, whose staff raided Cambridge Analytica last week in London.
Facebook said it will investigate all apps that had access to large amounts of information before it changed its platform “to dramatically reduce data access in 2014”. Any developer that doesn’t pass the audit will be banned from the social media network. Users will be notified if it is discovered their data has been misused, including those who downloaded — or whose friends downloaded — Thisisyourdigitallife, the app that was used to harvest the information given to Cambridge Analytica.
All of which is to say this story isn’t going away anytime soon.
The furore comes after months of debate about whether technology giants like Facebook, Google and Amazon should be broken up and/or more closely regulated. Some kind of regulation seems inevitable now, even if it is slow-moving.
Along with Europe’s incoming GDPR regulation, the scandal gives data-driven decision makers reason to pause. Businesses that are making big investments in technology stacks based on collecting consumer data are faced with the reality that this technology investment might be superseded by a change in consumer attitudes or regulation.
The advice from Benjamin Bloom, Gartner Research Director for Marketing Technology and Emerging Trends, isn’t to abandon their efforts — but to invest in building “their own war chests of consumer data”.
“My research on this topic has shown that marketers must increase their awareness and investment in analytics and customer data technologies to gain customer experience advantages and to insulate them from the whims of scaled digital platforms such as Facebook, Google, and Amazon,” Bloom told Which-50.
Google, Facebook and Amazon offer powerful data-driven solutions, but limit the portability of data that marketers need for measurement and insights. That means marketers will need to make their own investments to future-proof their marketing tactics.
Building a wall
“The ‘walled gardens’ have become increasingly powerful in tracking users across platforms and devices. Recent changes from Apple have had a material impact on the tracking of users on mobile devices. It is incumbent upon brands to build their own war chests of consumer data and to ensure that they provide fair value back to the customer when collecting their data.”
Ad buyers will explore tactics which will still give them reach with zero liability, according to an agency exec speaking to Digiday.
Turning to the subject of trust, the high-profile scandal will likely make consumers more suspicious of marketers’ methods and motives.
“Marketers should be on alert that response to marketing content, offers and messages could be affected by the perception that brands are out to manipulate their audiences,” Bloom warns.
“They must tread carefully the line between personalised or targeted, and creepy. The line between a 1:1 customer journey and an invasion of personal space is being more closely monitored.”
Privacy by design
Gartner’s research recommends marketers use technologies that help capture and manage customer profiles. For example, data management platforms (DMPs), customer data platforms and identity management tools track complex audience behaviours.
Bloom argues that marketers and data professionals already hold themselves to a generally higher standard when it comes to safeguarding personal data.
“Data and BI professionals in leading companies adopt a ‘privacy by design’ approach to storing consumer data: storing as little as is needed to deliver needed functionality or personalisation, and using encryption and access control to reduce the risk of consumer information being revealed,” Bloom says.
Facebook’s handling of the Cambridge Analytica debacle over the years before the story became public serves as a reminder that security and privacy aren’t interchangeable. Internet giants may be the best in the world for security, for example, but not necessarily privacy.
Writing in The New York Times, associate professor at the University of North Carolina Zeynep Tufekci puts it a different way:
“If Facebook failed to understand that this data could be used in dangerous ways, that it shouldn’t have let anyone harvest data in this manner and that a third party ticking a box on a form wouldn’t free the company from responsibility, then it had no business collecting anyone’s data in the first place. But the vast infrastructure Facebook has built to obtain data, and its consequent half-a-trillion-dollar market capitalisation, suggest that the company knows all too well the value of this kind of vast data surveillance.”
Who’s leading the backlash
Advertisers can’t, and probably won’t, walk away from buying ads on the platform.
According to Gartner’s The State of US Advertising, 2017-2018, Google and Facebook together will take in 72 per cent of digital ad revenue earned by all digital publishers, ad networks and ad tech vendors in the US. That’s up from 69 per cent in 2016.
Similarly, consumers are unlikely to desert the platform in a way that will materially impact the company’s bottom line despite the emergence of a #DeleteFacebook campaign.
Earlier this year, L2 Founder and NYU Stern Professor Scott Galloway told Which-50 he believes the two cohorts that will lead the battle against big tech will be regulators and parents.
“Consumers talk a big game about supply chain ethics and then want a little black dress for $9.99. They claim to care about their privacy and then less than one per cent clear their cookies. So this revolution will not be consumer-led,” Galloway said.
Instead, Galloway — an advocate for breaking up Google, Facebook, Apple and Amazon — argues that European regulators and concerned parents will be the ones to cause headaches for Facebook.
“I think it will be led by regulators out of Europe and parents globally who are starting to observe their kids having more what I’ll call emotional stress and strain at the hands of social media platforms,” Galloway said.
In Australia, Information and Privacy Commissioner Timothy Pilgrim said last week that his office is making inquiries with Facebook to determine whether Australians were affected by the Cambridge Analytica data breach.
It’s not the end of the World (Wide Web)
In response to the scandal, World Wide Web creator Tim Berners-Lee struck an optimistic tone, saying all can be repaired.
“This is a serious moment for the Web’s future. But I want us to remain hopeful. The problems we see today are bugs in the system. Bugs can cause damage, but bugs are created by people, and can be fixed by people,” Berners-Lee tweeted.
“General rules for us all: Any data about me, wherever it is, is mine and mine alone to control. If you are given the right to use data for one purpose, use it for that purpose alone.”
So why is this moment different to all the previous huge and arguably more global breaches? Theft of medical data, for instance, is arguably more problematic — and more common. Likewise, credit card and financial data.
And as Facebook said — in a typically tin-eared response last week — this wasn’t even a breach. The original researcher who hoovered up Facebook’s data, Aleksandr Kogan, did so legitimately. He then passed it to Cambridge Analytica illegitimately.
His Russian-sounding name, the fact that he worked in St Petersberg, and had Russian clients at the same time, only added to the delicious madness of the story. (As did the fact that he briefly changed his surname to Spectre — the acronym for the international organisation for evil in the original James Bond novels. You can’t make this stuff up.)
We asked marketing, communication and media professionals to tell us why they felt this story has cut through like none previously (for instance, Facebook was pinged by the FTC in 2011, but no one much cared at the time).
According to Janine Peres, founder and CEO of Thinksmart Marketing, a Sydney-based marketing agency, “Like all significant change events, the collective pain threshold was finally met.”
Pares told Which-50 the context is important. “[There is] a growing undercurrent of fear of the power and control of the big platforms like Facebook and Google — we hate the data they hold on us all, and we worry about what they might use that data for — but we also benefit from that data and so we tolerate the fear and the pain (how bad could it be, right?).
“But it was US President Donald Trump’s unexpected November 2016 election win that really explains why this story is reverberating. Depending on your politics, Trump is either a welcome disruptor to a corrupt world order, or a Russian intelligence asset. If you’re an independent, both might be true.
“People are demanding to know why and how. His win also sent Cambridge Analytica straight into the mainstream as the hero (or villain) of the Trump win. Our greatest fears have been realised in ways we couldn’t have predicted. Data is used to influence election outcomes. Now it’s real and it impacts regulators, politicians, and everyday people. It’s too big a price to pay to do nothing.”
Carolyn Loton, owner and director of Juntos Marketing, said “we are only just now starting to see the outcomes of the social experiment we are all living through. The level of social connection through Facebook, as well as the total lack of regulation — the lawlessness of social media — both are unprecedented. So this Cambridge Analytica breach of privacy tangibly demonstrates what has been hypothetical in a way until now, yet is what we all fear.”
The final word goes to Simon Sharwood, APAC editor of global tech media title The Register, and an occasional Which-50 contributor.
“This was everyone’s half-articulated fears made real in both the private and public spheres. We all fear the loss of personal privacy. We’ve all learned to fear weaponised information. This realises both those fears at once.”