This post is composed of two blog posts that were published in March and May 2018. They are compiled here, reflecting both the immediate reaction to the Cambridge Analytica scandal.
When it was revealed that Cambridge Analytica, a marketing firm, used questionably obtained data to aid in the election of President Donald Trump, many users of the platform were outraged.
A hashtag gained steam on Twitter: #deletefacebook.
I was on Facebook for 10 years, having joined in 2008. I just deleted my account. No withdrawals symptoms . . . so far. Stay tuned. #DeleteFacebook
— Mae T. (@mspoint1106) March 27, 2018
The UK-based firm, Cambridge Analytica, used data that was scraped from Facebook by a university worker. Facebook allows researchers to access and scrape data from its platform. In this case, the data was then turned around and sold, causing outrage.
But this was just the nature of how Facebook’s platform works. Get a free service to communicate with your friends and family and share your pictures, get your data sold to millions of advertisers worldwide.
The public’s reaction to this is a far more interesting detail. Facebook doesn’t widely advertise what happens when you sign up for their platform, it’s not conducive to ensuring that users sign up. Sure, it’s in the user agreement, but who reads that?
But it’s a model that Google, Amazon, and countless other companies, big and small, use to market their products and services. They create detailed profiles of their customers and potential customers and use those to determine and shape their audience’s behavior.
Maybe it’s just because it’s politics, or that the company outright misused data from a platform that over 2 billion people use daily.
A month after the scandal, the Senate questioned Mark Zuckerberg. It would have been hilarious if it wasn’t so horrifying.
Obviously, Facebook was at the epicenter of the data fiasco that was the Cambridge Analytica scandal. Even if the questions that Congress asked Mark Zuckerberg were often out-of-touch, it was a clear message that Facebook needed to take additional steps to ensure the security of its users and their data.
They sent a pop-up to Facebook users, noting changes and updates to the language in their terms of service. These documents answer many of the questions both brands and users might have about how their data is being used. These changes fell into a couple of different categories.
Third Party Data
In the Facebook Business Manager, you can upload custom audiences. In other words, you can input your own CSV file with all your contacts. That means you’ll be able to reach those that are already on your mailing list (granted you have the email that is attached to their Facebook account).
Business Manager is a great feature, but Facebook had to make some changes to its policy post-Cambridge Analytica. Now, when you use the custom audiences tool, you agree to the following:
- You have all the necessary rights and permissions to use this data
- If you are using the data on behalf of another brand, you must have the correct permissions to do so
- You may not sell or transfer custom audiences
- You must be an advertiser, agency, Ads API or Custom Audiences API partner to use custom audiences
In exchange, Facebook guarantees:
- Facebook won’t share the custom audience data with third parties
- Facebook will ensure that your custom audience data stays secure and private to you
- Facebook holds the right to terminate the custom audiences tool at any time
These changes are likely both a response to Cambridge Analytica and partially in response to the GDPR data compliance rules that were put into place this year.
Gathering Data Through Facebook
There’re a variety of tools you can use in Facebook’s Business Manager that allow Facebook to collect data on behalf of your brand. There are two types of data that Facebook collects:
- Contact information – these are the names, phone numbers, and email addresses that Facebook uses as identifiers
- Event data- this is data regarding the actions that your target audience might take on your website, apps, or in your stores.
When you use these tools with Facebook, you agree to:
- Have all the correct rights and permissions to collect, use, and share this data with Facebook. You either:
- Collected the data from the individuals themselves
- Or have all the proper permissions to use and share this data
- You will notify Facebook is there is a written complaint or threat related to the use of personal data
- You will not share data from those under the age of 13 or that includes health, financial information, or other instances of sensitive information.
- If you use Facebook’s tracking pixels, they must be:
- On your own website or apps
- You disclose to those using your website that their data may be collected by a third party and give them options to opt out
- Facebook reserves the right to suspend or terminate your Facebook Business Tools account at any time.
These privacy measures ensure that brands are responsibly handling the data of their audiences and have full rights to do so.
Since Hootsuite is a partner with Facebook and Instagram, it is interesting to look at how the companies’ relationship is changing under the scrutinizing eye of the web.
Here are some of the changes that Hootsuite users might have noticed:
- Facebook Ground, Event, and Page Search streams will no longer contain identifiable information
- You can no longer add streams for pages that you do not own
- Event streams for specific Facebook profiles have been discontinued
- Mentioning other Facebook Pages in posts is not supported anymore
- Facebook profiles will need to re-authenticated every 90 days
The Hootsuite changes are even more telling than what Facebook released. Look at how much data has been stripped from Hootsuite’s integration in Facebook’s effort to keep data safer. Now companies that may manage other brand’s social media accounts via Hootsuite will have less access to data. And Hootsuite itself has drastically less personal, identifiable data to work with.
Many of the same changes carried over to Instagram. They include:
- You can no longer like or comment on Instagram posts from Hootsuite
- You can no longer follow or unfollow users via Hootsuite
- You can no longer mention Instagram users in posts
- You cannot comment on any Instagram posts except your own
- Instagram data will not be available in Hootsuite Impact’s Brand Track and real-Time Competitor Report Modules
- Identifiable Instagram data will no longer be displayed in searches, comments, and mentions
- Instagram user profile information will no longer be available
Companies like Hootsuite are most likely impacted the most by these data crackdowns. Look how many tools Hootsuite has that are rendered obsolete or unusable following these changes.
Twitter responded gracefully to the data privacy debacle. They released a statement that describes to users how their data might be used, and how they can opt out of having that data shared.
They talk about:
- Real-Time Bidding (RTB) – this is the system where brands can buy ads based on certain, non-identifiable user information. Twitter does not share your name or other identifiable data, but the brands that obtain this device-level data might be able to link it to you if they have the data points to do so.
- Conversion tracking – this relationship allows Twitter to share information with partners who offer measure and analytics tools to advertisers. If a mobile device viewed an ad for an app, then downloaded that app, this data would be shared with the advertiser so that the
Of course, that was before Twitter discovered a glitch in its system that allowed user passwords to be accessed due to a lack of encryption. They even handled that well, automatically prompting users to change their password the first time they logged onto their account after the glitch was discovered.
These are just some of the first steps that brands are taking to ensure that users are confident in what and how their data is shared. In the case of Facebook, it was a matter of making what is shared more transparent to consumers, while also cracking down on third-party applications pulling identifiable data.
The result of the crackdown is that third-party social media tools will be less practical for brands to use, as they won’t be able to access a lot of the features that caused many brands to use them in the first place. This is good news for the platforms themselves, it means brands will have to do more work on their platform directly.
What lessons can marketers learn from this incident?
Understand Many of Your Leads Are Unaware of Data Marketing
In many cases, your leads don’t understand how data marketing works, and likely don’t realize that all of their actions are being tracked.
Many marketers were not shocked at the data that Cambridge Analytica used because we basically assume all our digital actions and transactions are being tracked.
Many people never think about that and sign up for email lists willy-nilly. They don’t realize the implications of filling out a form for a giveaway.
Don’t assume your leads know how you have linked their IP with their Google account and the data you’ve had them input on your website. Most people don’t realize that’s how that works. That’s part of the reason this controversy got so big.
Don’t Abuse Your Knowledge
I guess the answer here is, if you have it, don’t flaunt it.
Don’t have your website automatically greet a user by name if you’ve linked them to their IP address. One, it could be incorrect, as many companies have shared IP addresses and two, that’s creepy.
Keep the Amazon model in mind. They have massive banks of data on shoppers and their habits, but they don’t go out of their way to flaunt that.
They only show off their data on you when they are trying to provide you with value. That’s a good rule of thumb, but remember even valuable information, if they don’t know you have it, can cross the line into creepy and uncomfortable.
Tell Them Upfront What Their Data is Being Used For
We will likely see a wave of savvy folks more jealously guarding their data after this news.
When you ask for data, be upfront about what is going to happen to it. And be honest.
Don’t just tell consumers that you’re collecting their data “for a better ad experience.” That’s both true and dishonest. You are serving them a better ad experience, but you are also profiting from exchanging their data.
Give them an idea of the value exchange they are making when someone signs up for your email list. If you plan to sell their data, they should know that. Your buyers will enjoy your transparency and will feel confident trusting you with their data.
On top of telling them what you do with their data, give them promises on how you will keep their data safe. Tell them how their data is stored and what measures are being taken to keep it safe and sound.
Build Their Trust
Additionally, send them content that gives them the value that you promised. This makes them trust you more because it doesn’t get their hopes up only to let them down.
If your headline makes a promise, deliver on it. Don’t leave them feeling frustrated because they didn’t get out of it what they expected.
As the public becomes more knowledgeable about how their data is being used and abused by companies around the world, I think we’ll see even more outcry. There’s a reason so many companies have been so quiet about Cambridge Analytica.
I’m sure that, as a result of these findings, we’ll see paradigm shifts in both public opinion and policy. As a marketer, you need to keep a finger on the pulse of these attitude changes to ensure your company is both compliant and popular.
What was your reaction to the Cambridge Analytica scandal? Have you heard anything from your audience about it? Let us know in the comments section.