Cambridge Analytica (CA) obtained personal data of about 87 million Facebook users without their consent with the hopes that they could use this data to develop psychographic profiles of those users.
The data was collected a few years ago through a third-party app that had to be downloaded by a user, and the app was approved by Facebook (it was created by a university researcher who claimed it was for academic purposes). Those who downloaded the app unknowingly gave CA access to their data and their friends’ data.
Facebook has stated that it suspended CA in 2015 after being notified about the improper use of data and asked the company to delete this information because of the policy violation. The data was not deleted and was allegedly used for ad targeting during the 2016 election. It also should be noted that major changes have been made to how apps function through Facebook today that prevent this type of incident from happening again.
It is important to note that this involved the misuse of data, and it was not a data breach.
How might it impact us now and going forward if this becomes a recurring issue?
The most significant impact of this scandal is yet to be seen. Facebook (and all social platforms) have existed without any sort of regulatory oversight. We expect that this event could be the catalyst that leads to more regulation as it relates to social media advertising. We don’t anticipate that this will have any impact on what brands/organizations can and cannot post on Facebook. This is not a content issue, this is an advertising issue.
Mark Zuckerberg testified before Congress on April 11. And while many expected this meeting would give some insight into where future regulations could focus, much of the conversation focused on what exactly is Facebook and how it works. Congress’ lack of understanding of social media platforms in general, seems to have slowed down talks of regulation significantly.
With that said, there are a few likely scenarios we can anticipate:
- Congress enacts regulations similar to what the EU has put into place
- There’s already been leaked information showing that Facebook is moving to require businesses to certify that you have permission to use the data that is uploaded for Facebook’s Custom Audience targeting
There isn’t much that impacts how individual businesses use Facebook, so long as they are not using data incorrectly or for malicious purposes.
Do we continue to stay on Facebook? If so, why? If not, why?
This issue aside, Facebook is still the largest social media platform out there, and for most organizations, it is the most cost-effective way to communicate with external audiences. Despite the interest in hashtag movements such as #DeleteFacebook, we have not seen any news stories reporting a substantive decline in users. We may know more on April 25 when Facebook holds its quarterly earnings call. They typically release data like daily active users – which could be telling as to if people are leaving the platform.
More importantly, even if there is a noticeable decline in Facebook users, it will continue to be one of the most widely used social media platforms. Even if brands were to delete their Facebook accounts, customers and other stakeholders could still post comments about the organization, and brands wouldn’t have a way to respond and help shape the narrative.
This event also highlights the importance of having a diversified social media strategy, where brands are not reliant on a single platform for their entire content strategy.
If brands choose to continue to stay on Facebook, what changes/measures should they take to protect their fans?
In some ways, this controversy highlights the broader concerns around data security. Not to dismiss people’s concerns about misused data on Facebook, but stolen customer data would be a much more significant reputational threat to organizations.
More and more, this is a serious issue affecting all businesses. According to a 2017 Dell survey, nearly half (45%) of employees engage in some amount of unsafe behavior during the workday. These actions can include connecting to unsafe WIFI, using a personal email to access confidential work or losing a company work device. Roughly 72% of employees are willing to share sensitive information with someone who does not have access to it.
What are other organizations doing?
Other than Tesla’s public #DeleteFacebook moment, virtually all other businesses are operating as they did before. Facebook remains too great a platform for communicating to and engaging with audiences to abandon entirely.
Key takeaways for brands to better protect their customers and social media communities:
- Develop a policy stating why they promote certain content on social media and how they do so, including how they develop targeted ad profiles.
- Start having conversations about data and data security in general within their organization.