Unless you’ve been living under a rock for the past couple of weeks, you’ve no doubt been hearing about the latest Facebook data breach scandal, which is arguably the biggest public relations crisis Facebook has ever faced.
But what exactly does it mean for you, as a marketer and advertiser? And should you be frantically reworking your social media strategy even as we speak?
To answer these questions, it’s important to have a thorough understanding of the nuances of the story.
So, without any further ado, let’s dive right in.
The scandal was broken by The New York Times and the Guardian, who published articles just a couple of weeks ago on 17 March, after former Cambridge Analytica employee turned whistleblower Christopher Wylie decided to blow the lid on the entire thing. The story itself, however, is a convoluted one that stems from way back in 2014.
It begins with Cambridge Analytica, at the time a relatively newly formed data mining and political strategising firm (or what Christopher Wylie would call in 2018 “a full-service propaganda machine”). Cambridge Analytica claimed they were able to use psychographic information, such as Facebook likes, to assess people’s personalities, thereby helping them to more effectively target political advertising to voters. The only problem? They didn’t actually have the data to enable them to do that.
Enter Aleksandr Kogan, a data scientist and professor at Cambridge University. In 2014, Kogan developed a Facebook app called “thisisyourdigitallife”, in which users were paid to take a personality test. The 270,000 people who downloaded the app were told the data would be used for academic purposes – what they were not told, however, was that their data, along with the data of their entire network of friends, would be sold to Cambridge Analytica, in a total violation of Facebook’s rules. (This was because, at the time, Facebook’s platform API allowed developers to access information about not just the user who downloaded the app, but the user’s friends as well. This type of access was curbed by Facebook in mid-2014.)
It was in this way that Cambridge Analytica was able to gain access to the information of reportedly 50 million people (mostly registered US voters), without the majority of users’ awareness or consent. They then used the data to build the models that would come to influence voters in several US elections, including the recent Trump presidential campaign, as well as the “Vote Leave” Brexit campaign.
In 2015, Facebook discovered the data leak, though they failed to inform the public at the time. They did, however, request that Cambridge Analytica destroy the data. While Cambridge Analytica “certified” to Facebook that they had done so, Facebook never verified for themselves that the request had actually been fulfilled, nor did they perform a single audit of their systems.
Fast-forward to 2018, and Wylie’s revelations, which brought the whole sordid tale to the public’s attention.
And the fallout continues, with former Facebook platform operations manager Sandy Parakilas reporting that numerous companies exploited the same terms to harvest user data, potentially affecting hundreds of millions of Facebook users.
Why is everyone so angry?
Most of us understand that the price of having a digital presence is relinquishing some of our personal data, and that data will be monetised by those collecting it. And we are, for the most part, happy to pay this price if it means a better user experience – for example, many of us are happy for Spotify to know what music we listen to, if it means we get more personalised playlists. Indeed, marketers have been using data about people to more effectively target them and create better products and services since time immemorial (or at least since marketers have existed).
Most people, however, believe that this data still has to be given with full consent (while the 270,000 users who originally downloaded Kogan’s app may have provided their consent, their networks of friends certainly did not), and most people also believe that we should know what will be done with our data.
What the Facebook data breach has revealed, though, is that we have much less control over our own data than we think, and that our data can be put to potentially nefarious uses, like manipulating our very beliefs to influence the outcome of a supposedly democratic election, without our knowledge.
It has also revealed that the trust we place in organisations to protect our data may have been misplaced, as Facebook failed to inform users of the breach, and also failed to recover and secure the data in question. In fact, in the immediate aftermath of the scandal, Facebook even denied it was a data breach, with Facebook vice-president Andrew Bosworth tweeting, “People chose to share their data with third party apps and if those third party apps did not follow the data agreements with us/users it is a violation. No systems were infiltrated, no passwords or information were stolen or hacked.”
This scandal has raised essential questions about whether entities like Facebook have done enough to protect user privacy, and what regulations (if any) are needed to restrict access to users’ data.
“I actually think that we are about to enter a new age in which consumers, regulators and legislators will start to call out the practices of companies like Facebook, which claim to rely on ‘consent’ … as based on an absurd legal fiction which can no longer stand,” said Anna Johnston, director of privacy consultancy Salinger Privacy and a former NSW deputy privacy commissioner. “Having one line in the standard Facebook T&Cs which says that by signing up to Facebook users are ‘consenting’ to the use and disclosure of their data ‘for research’ makes a mockery of the law of consent, as well as established ethical rules regarding research activities.”
Is the data of Australian citizens involved?
UPDATE: Facebook has just revealed that the data of more than 300,000 Australians may have been exposed as a result of the Cambridge Analytica data breach, which is now reported to have affected 87 million users worldwide.
It’s unclear yet whether Australians have been affected, with the Privacy Commissioner’s office reporting they have asked Facebook if the data of any Australian citizens have been acquired and used without authorisation to build profiles that political parties could use to target voters.
A documentary by Channel 4, however, has indicated that Cambridge Analytica at least had plans of working in Australia. “We’ve done it in Mexico, we’ve done it in Malaysia, we’re now moving into Brazil, Australia, China,” Cambridge Analytica's managing director of political operations Mark Turnbull was captured saying on hidden camera.
Both the Labor and Liberal parties have denied working with the company.
What is being done about it?
In a lengthy post posted on 21 March, Facebook CEO Mark Zuckerberg reported several measures they would be taking in an attempt to mitigate this crisis, including:
- Investigating all apps that had similar access to large swathes of user data prior to 2014
- Restricting developers’ data access even further (e.g. by removing their access to your data if you haven’t used their app in 3 months)
- Reducing the amount of data users give apps when they sign in to only a name, profile photo and email address
- Providing a privacy tool, which will appear at the top of users’ News Feeds and show users exactly which apps are currently accessing their data, so users can easily restrict access to apps they are no longer using
As Facebook prepares to answer to governments around the world, we should also expect to see more federal regulation in this area in the coming months.
What does this mean for marketers and advertisers?
As the ways in which we gather and use data is increasingly put under the magnifying glass, it is important for marketers and advertisers to have a laser-like focus on transparency and accountability with customers, in order to re-establish trust.
As CMO Council senior VP of marketing Liz Miller put it: “Think long and hard about how you explain data policies and the value intelligence will bring to your customers, and then deliver – every time. Our customers are willing to provide us with data, and they will volunteer it in exchange for value. But thanks to Cambridge Analytica, some of that trust is eroded and we will need to win it back.”
So … should I keep advertising on Facebook?
As the #deletefacebook campaign gains traction in Australia, it is perfectly sensible to worry about your Facebook advertising budget and consider whether or not that money might be better invested elsewhere (such as LinkedIn, which will likely be the primary focus of most b2b companies’ social media marketing strategies anyway).
But, as an article by Quartz points out, Facebook may just be too big to fail – with over 2 billion users, even if there was a mass exodus, and a million people left the platform, that would still only be 0.05% of its user base. Many users have also pointed that out that deleting Facebook is not necessarily feasible, citing it as an essential means of staying in touch with their business and social networks, with no real alternative.
And, in the end, deleting your Facebook account doesn’t really address the underlying problem. As Safiya Noble, assistant professor of information studies at the University of Southern California and author of Algorithms of Oppression said, it has “little impact on finding real solutions to the way data is being collected, sold, and used against the public. This issue isn’t just about one platform like Facebook, and the issues of surveillance and experimentation on the public; it’s about the many companies that are tracking and profiling us, and the abuses of power that come from having vast troves of information about us, available for exploitation.”
It’s unlikely, therefore, that advertisers will move away from the platform (though some, like Sonos and Mozilla, have said they are temporarily suspending Facebook ads in response to the scandal) and Facebook will likely remain an important platform for b2b marketers going forward.
We do recommend, however, that marketers continue to closely monitor their user bases in order to more precisely gauge how the fallout of the scandal may impact on their marketing efforts.
Do you have any questions about your social media marketing strategy in the wake of the Facebook data breach? We’re always happy to help – just drop us a line.
Brand chemistry is a strategic inbound marketing agency that goes the extra mile to deliver results for our b2b clients. Our inbound marketing specialists are HubSpot certified and use the latest techniques to provide our clients with a steady stream of relevant new leads.