So, Mark Zuckerberg has refused to give evidence to MPs and, instead, offered up Chris Cox, Facebook’s chief product officer, to take the flack. Maybe Zuck needs all the time he has available to figure his way out of the Cambridge Analytica mess.
This might take him quite a while. Facebook’s highly profitable Adtech business model seems to be in existential crisis, with MPs lifting the lid on a Pandora’s box of dirty data practices, plus Europe’s General Data Protection Regulation (GDPR) coming into force on May 25th, things aren’t going to get easier for the beleaguered digital behemoth. Facebook’s apparent ‘no-controls’ approach to managing customer data, combined with Cambridge Analytica’s ethics-free work for political clients have spectacularly backfired; just at the wrong time. With GDPR intended to protect EU citizens’ data anywhere in the digital world, we should only expect political and Adtech contagion.
While we at Nucleus worry about holding any customer data on our systems, others seem to be harvesting, hoarding and allowing predators to gorge on the stuff. Those responding to the Cambridge Analytica breach of trust by deleting their personal data from Facebook, are finding out just how much of their personal data the platform collects; and how difficult it is to manage your privacy settings. Basically, they have everything on your mobile phone, plus tracking your activity on or around Facebook, as well as collecting all your friends’ and business contacts. Your digital footprint with Google will be even bigger and extend into every website you've visited and everywhere you’ve been with your smartphone.
The data that was all too easily shared with Cambridge Analytica and, probably, AggregateIQ in Canada, was used to profile individuals open to fake news during Brexit, the US elections and who knows when else. Facebook’s defence is that users delegated the right to use their data, but if I had a Facebook account, I’d definitely delete it.
The reality, however, is that Facebook is not alone in harvesting our data, and probably not the only one worried about what might happen next.
In the world of digital marketing, we’ve become used to tracking and targeting, but this latest drama has uncovered just how addicted to personal data the social media platforms, marketers and politicians have become. We know some tracking is necessary to provide a ‘good’ user experience, much of which should be anonymised, but these days innocuous tracking seems to be in the minority. This is where Facebook has company; and contagion is inevitable. As well as social media sites and search engines, every news title the world over is collecting your data, as is every online brand and retailer who wants to sell you stuff.
A routine check using Spyder Web, Privacy Badger or WhoTracksMe shows that for every site you visit, you will be tracked by 10 or more others, via cookies or digital fingerprinting. If this is anonymised, you would feel more comfortable, but when it’s not, it feels creepy.
Is GDPR the answer?
The question we all want answered is how much of our personal profiling data is being held, by whom and what is it used for? We know every big website is probably leaking personal tracking data like Facebook, though perhaps not linked to such informed personal profiles. This is where GDPR across the EU and other data protection laws are aiming to make a difference, by ensuring anyone holding your data does so with your consent and will delete it if you so wish. In the context of digital advertising, this seems reasonable, but if there is a data breach and personal data gets used by the likes of Cambridge Analytica to profile those of us susceptible to fake news, with the malign intention of manipulating political outcomes or promoting conspiratorial thinking, then much more is at risk.
As a result of this latest breach, data protection laws will be strengthened further and data commissioners, like the ICO, will argue to have their powers and resources increased. All of this will be positive, but what implications does this have for brands and the Adtech business?
Advertising has become addicted to tracking and profiling, so Adtech can push ads to you whenever you are online. You can’t accurately target online ads, let alone programmatic ads and re-marketing, if you don’t have data sets of customer profiles to make advertising efficient and conversion rates affordable. Ultimately, Facebook, Google and other sites that rely on advertising revenue have been the main beneficiaries of the shift to Adtech. If less data results in lower conversion rates, then advertising platforms will have to charge advertisers less for their click-throughs. Businesses with models based solely on exploiting customer data will have to rethink – and some, maybe some big ones, may not be viable in their current forms. Big advertisers had already started to take back control before this most recent data breach, as evidenced by P&G’s chief brand officer, Marc Pritchard’s interview with the Financial Times earlier this month. Expect this to become a trend.
On a more mundane level, every business who emails their customers and prospects will have to have explicit authority to continue doing so, after May 25th. This will mean lots of ‘Can we stay in touch’ emails and company mailing lists shrinking dramatically.
So where does this leave brands? While the twin storms of Facebook/CA and GDPR are battering the Adtech landscape, there is hope in more traditional models. A return to building consensual customer relationships will be key, where brands build trust around their core values and appeal to those who value their relationship with the brand. Good content will become more valuable and brands will want to advertise alongside it, as they have done in the past. Brand building will be prioritised once more. When every consumer has the right to remove personal data held by third parties and only share it when it is to their advantage, brands will, once again, have to earn the right to use their data. This will take more effort and require more brand-led investment than simply targeting an offer at ‘susceptible’ individuals wherever they go on the web.
At the same time, individuals will seek more influence over their data and new organisations like Customer Commons will redefine the terms for individuals to control how their information is used by business, websites and apps.
So, to use a contemporaneous analogy, if Adtech has become hooked on digital spying to deliver its conversion rates (and who knows what else), we should all expel their agents and renegotiate our terms of engagement. Marketers should remember that building valuable brands relies on focusing on trust, unique selling points, strong core values and consensual use of our precious personal data.
And the first step for every brand operating in Europe will be to comply faithfully with the new GDPR legislation, which comes into force in just two months…
Nucleus Founder & CEO
Share your views by emailing firstname.lastname@example.org