What going on?
The New York Times and The Observer of London made waves on both sides of the Atlantic this month with reports that Cambridge Analytica, a political data firm, illegitimately accessed the profiles of 50 million Facebook users to influence political advertising during the 2016 presidential campaign. The reports claimed that Cambridge Analytica also influenced the 2016 Brexit vote.
Cambridge Analytica claimed to have tools that could identify the personalities of American voters and influence behavior. The firm used the data from Facebook profiles to develop the “techniques that underpinned its work on President Trump’s campaign in 2016,” according to the New York Times.
How did Cambridge manage to access Facebook profiles?
According to a report from The Guardian:
The data was collected through an app called “thisisyourdigitallife,” built by academic Aleksandr Kogan, separately from his work at Cambridge University. Through his company Global Science Research (GSR), in collaboration with Cambridge Analytica, hundreds of thousands of users were paid to take a personality test and agreed to have their data collected for academic use.
Cambridge Analytica was then able to access the data of the friends of the 270,000 users who took the personality test, yielding information from 50 million profiles. That data was then used to build psychographic profiles to inform political advertising campaigns. Facebook’s platform policy at the time only allowed apps to collect data from users’ friends to improve the user experience, they were not allowed to sell data or use it for advertising. The report said Cambridge Analytica obtained the data under the guise of academic research by Kogan.
What did Facebook do when they found out?
Facebook eventually became aware of the data leak and asked that it be deleted. But it was too late and Cambridge Analytica reportedly still has much of the user data.
In a recent Facebook post, Facebook CEO Mark Zuckerberg explained how the company responded when they first learned about the issue:
In 2015, we learned from journalists at The Guardian that Kogan had shared data from his app with Cambridge Analytica. It is against our policies for developers to share data without people’s consent, so we immediately banned Kogan’s app from our platform, and demanded that Kogan and Cambridge Analytica formally certify that they had deleted all improperly acquired data. They provided these certifications.
What is Facebook going to do about it?
Facebook is under a lot of pressure to provide more detail on a variety of questions: How did they allow this to happen? How much user data does Cambridge Analytica still have? How are they going to prevent third parties from further abusing their data? How are they going secure data going forward?
Beyond providing further information, Facebook needs to act. They need to implement the kind of changes to stop this from happening again and regain their users’ trust.
The company has taken a number of steps to address the issue. Facebook’s biggest move has been the removal of third-party data integrations with partners like Oracle, Experian and Acxiom that supplement Facebook’s data and allow for more precise ad targeting. Once the integrations are gone, advertisers will only be able to use Facebook’s data or their own customer lists. This means advertisers will no longer be able to tie in users’ offline behavior and social lifestyle traits (i.e., specific household income data, shopping intent, etc.).
Facebook has also paused their app review process, effectively blocking new apps from joining the platform. Here’s a snippet from a piece from The Verge on the move:
Facebook appears to be reevaluating how it approves apps due to how easily the third-party survey app, called “thisisyourdigitallife,” was able to mine data and sell it with little to no oversight from Facebook, and for Cambridge Analytica to retain that data even after claiming to the company that it had deleted it. “To maintain the trust people place in Facebook when they share information, we are making some updates to the way our platform works,” writes Ime Archibong, Facebook’s vice president of partnerships. “We know these changes are not easy, but we believe these updates will help mitigate any breach of trust with the broader developer ecosystem.”
Earlier this week, Facebook also announced a series of updates designed to give users more control over their privacy and the data they share on the platform. Facebook laid out the following updates in a blog post.
Controls that are easier to find and use
We’ve redesigned our entire settings menu on mobile devices from top to bottom to make things easier to find. Instead of having settings spread across nearly 20 different screens, they’re now accessible from a single place. We’ve also cleaned up outdated settings so it’s clear what information can and can’t be shared with apps.
New Privacy Shortcuts menu
People have also told us that information about privacy, security, and ads should be much easier to find. The new Privacy Shortcuts is a menu where you can control your data in just a few taps, with clearer explanations of how our controls work. The experience is now clearer, more visual, and easy-to-find. From here you can: make your account more secure, control your personal information, control the ads you see and manage who sees your posts and profile information.
Tools to find, download and delete your Facebook data
It’s one thing to have a policy explaining what data we collect and use, but it’s even more useful when people see and manage their own information. Some people want to delete things they’ve shared in the past, while others are just curious about the information Facebook has. So we’re introducing Access Your Information – a secure way for people to access and manage their information, such as posts, reactions, comments, and things you’ve searched for.
What ripple effects will this have?
It’ll be interesting to see how platforms like Google and Amazon capitalize on Facebook removing the third-party data integrations. My prediction: Amazon will capitalize on their knowledge of consumer behavior and shopping trends to heavily go after CPG brands. For their part, Google will rely heavier on their Oracle data integrations.
This could present a significant opportunity for Amazon at a time when the company has already been taking a larger slice of digital advertising revenue from Facebook and Google.
Share of U.S. digital ad revenue (% of total)
Related – Sleeping Advertisers Wake to Amazon’s Giant Opportunities
Overall, I don’t think that Facebook will take an immediate hit from the move to drop third-party integrations specifically because most people probably didn’t know all this extra data was being pulled in. However, with the Cambridge Analytica fallout combined with less data for targeting, the second quarter of 2018 might not be the best investor reporting Mark Zuckerberg delivers.
The story does highlight the importance of protecting personal data. It’s a responsibility shared by everyone – users, platforms and advertisers. At Mindstream, we have strict processes in place to protect the data we get from our partners and our clients. The Facebook/Cambridge situation coupled with the pending implementation of the European Union’s new uniform data privacy laws only reinforces the importance of these processes.