The Facebook scandal, GDPR, and what it means for businesses.
Data compliance. Privacy. Facebook up in flames. The current trends, or worries depending on your stance.
Anyone that’s been keeping an eye on the headlines will have heard about the scandal involving Facebook and Cambridge Analytica.
The General Data Protection Regulations (GDPR) is the EU’s direct effort to stop the future abuse of consumer data.
I have no doubt that most of you will have already read about the details said scandal.
But for the sake of clarity, I’ll recap the events quickly before I’ll talk a little bit about what GDPR policy is, and how it might affect the marketing landscape.
A series of unfortunate events
Our story begins with academic Aleksandr Kogan, who created a simple survey “thisisyourdigitallife” that told people they could find out what kind of person they were.
This was back in 2013. Things were certainly different back then. Including developers being able to access a user’s friends list and their information.
So when Kogan’s survey was completed by about 270,000 people he actually gained the information of about 50 million people.
Give or take.
The problem is obviously that people on someone’s friends list had no input on whether they consented to their data being collected (this was in Facebook’s terms of service, but has since been removed).
This in itself already concerns a lot of people, which is why it is now no longer possible for developers like Kogan to harvest a user’s friends’ information.
But this was just the beginning of the story. He then decided to share this data with Cambridge Analytica, a company that specialized in political propaganda. Facebook argues that this was done in bad faith, since it was against its terms of service (Kogan claims that he had no idea about this). Accordingly, developers are not allowed to share data for commercial use with third parties.
This is where the real trouble started.
Former Cambridge Analytica employee Christopher Wylie came forward explaining how this data was harvested and abused without the knowledge or consent of the users.
The data used, not just for micro-targeting, but to create psychological personality profiles.
One thing to mention is that Cambridge Analytica was used by Steve Bannon as a propaganda tool.
Content was created and targeted at these profiles, to eventually influence their decision making, changing the course of the political landscape in the US election and apparently also in the vote for the Brexit referendum.
This is a very brief summary of events. If you want more details, I urge you to watch Wylie’s full account of events here:
What is the GDPR
These events have sparked an understandable outrage in both the US and the EU. On the 25th of May, a new privacy law will be enforced as a response to these recent events. Called the General Data Protection Regulation (GDPR), this rule aims to ensure that consumers are more aware and, arguably, more importantly, consent to data being collected from them online.
Instead of putting various facts about data collection in fine print neatly tucked away somewhere where you will probably never read them, companies will now have to be clear and articulate about what kind of data they collect, contextual or otherwise.
This data can encompass full name, work address, home address (and any other address for that matter), location data, device data, phone app data, IP addresses, web activity, health and genetic data, biometric data, political orientation, sexual orientation, and any other digital breadcrumbs consumers might leave behind online.
Companies like Cambridge Analytica will now have to explicitly state what they want to do with the data they collect on you, so creating personality profiles and the like will now need users to specifically consent to this.
Furthermore, users will also have the right to access the data that companies store about them, to correct any information they deem inaccurate, and the right to decide how this data can be used by companies, including their clever algorithms and the like.
While these laws will only apply to the 28-member states of the European Union, it can be assumed many of the companies like Facebook will align their global policies to these regulations (well Facebook is a special case, but it is not unthinkable the other giants in Silicon Valley will follow its example).
Additionally, companies that possess any data on consumers that are resident in the EU will also have to comply with these laws.
So basically everyone has to come to grips with GDPR.
If you don’t then you could expect a hefty fine of up to €20 million or 4% of your annual turnover (whichever happens to be higher). That’s a lot of reasons to get your data privacy policies up to scratch.
Adhering to privacy regulations is nothing new. Mobile ad partner inMobi was fined $950,000 in 2016 for not only failing to gain consumer consent but outright ignoring their privacy when they tracked hundreds of millions of user locations. The GDPR will be a lot less tolerant for cases like this.
What does this mean for marketers?
Changes to social media and marketing
Social Media Marketing intrinsically relies on consumer data to display relevant ads. Most businesses however, do not rely on the development and deployment of web applications on platforms like Facebook in order to conduct this form of marketing.
Usually, tools such as Facebook Ads Manager (amongst others) are used to create ads and target a specific group of consumers. Most companies do not actually directly collect data from consumers.
But since it is not exactly how these laws will affect the advertisement industry, not only in the EU but globally it is safe to assume that ads in the foreseeable future might be somewhat less relevant. This is certainly true for businesses that want to collect data about their customers. While the GDPR has strict rules about “personal information” the exact definition of this information still remains as a grey area.
Social Media firms, such as Facebook will certainly have to become very active in communicating and obtaining consumer content.
However, there is certainly opportunity in GDPR as well. An increase in organic growth could occur, which means businesses could further embrace content strategies that engage consumers to actively sign up for their services.
Overall non- or less-invasive digital marketing techniques can be expected to become more effective. It will be more effective to use inbound/pull-strategies rather than pushing your products/services onto consumers.
Overall, it might mean less accurate ads on social media, meaning returns will be slightly lower, but the main focus for businesses should be to make sure that their strategies align with the new law (otherwise the penalty will likely be far more expensive than the lower return from paid social campaigns).