At Mark Zuckerberg’s first US congressional hearing on Tuesday, we were reminded once again that the social network founder and CEO says sorry more often than the lyrics to a 90s boyband song. As the Washington Post puts it: ‘From the moment the Facebook founder entered the public eye in 2003 for creating a Harvard student hot-or-not rating site, he’s been apologizing.’
One thing that’s clear in all of this is that politicians and lawmakers finally see how powerful the tech giants really are. And that in the wrong hands, data is not the new oil, it’s the new nitroglycerine.
Meanwhile, Senator Graham raised the topic of European regulation, giving the sense that GDPR might just be the first step to regulating the entire industry. He also dropped in a question to the besuited techie on whether he thought his company had a monopoly. And if that were the case, would he welcome regulation on that too? Needless to say, he didn’t need to “ask his team to come back to us” on that one.
For years, Facebook has staked its growth on a liberal, some might say reckless attitude to safeguarding privacy - from newsfeed changes, to beacon, to making all posts public by default. Whatever the new feature, if it encouraged sharing it was good – both for business and the world in general.
As we’ve also learned more recently, Facebook made no distinction between encouraging users to share, and sharing the personal data behind all that activity with third parties. So much was this a feature of the platform, even innocuous apps like Cow Clicker couldn’t help but hoover up your and your friends’ personal info.
It’s almost as if for every external ‘positive’ to sharing, it casts an equal (or even greater) negative shadow: to take one example, just as Facebook’s role in the Arab Spring was trumpeted, so later it was trumped by fake news and Cambridge Analytica.
Post-scandal, as Zuckerberg finally surfaced for interviews, he was still talking about being ‘too idealistic on the side of data portability.’ An interesting choice of words, in the face of revelations around how that feature (not bug) may well have been used to spread propaganda, and even throw elections worldwide.
Though the industry reaction to #deletefacebook has in some quarters been pretty much ’what did the public expect?’ It’s actually an important reminder for us all to not get too absorbed in the adland bubble.
Locally, Guardian Australia revealed just 53 Australians used the personality quiz app responsible for Cambridge Analytica’s data access. But due to the international nature of ‘friendships’ on the platform, more than 310,000 Australian user profiles ended up harvested. That’s 1.2% of the total population. It will be very interesting to see what actions Government will take here to protect its citizens’ data and privacy.
Most importantly, in markets where bad actors go undetected, or in some cases, may even be positively encouraged to act unethically, it does beg the question - can self-policing ever really work? Maybe the true legacy for Cambridge Analytica-gate will ultimately be vindicating GDPR.
The problem is most people – politicians and public alike - are still in the dark as to how Facebook works. And by extension, advertising and ad tech in general. And we shouldn’t just be beating up on Facebook. Because, at least in data sharing terms – and the web of third parties ‘listening in’ – the two look pretty similar at this point.
Data, Data Everywhere
There have long been stories in ad tech around the frailties of cookie syncing, parties ‘listening in’ on ad calls and even the occasional full-on data leak. By all accounts, the problem extends to header bidding too. At least where it is being delivered client-side - still the method used by the majority – that may be wide open to bad actors - and as the latest Facebook fiasco shown, once it’s out, there’s no getting the toothpaste back in the tube.
Facebook’s case will no doubt be hugely damaging to their brand, if not immediately to their coffers. For the rest of us, it may also represent a low water mark, which others should learn from quickly to avoid the same fate.
Most importantly, in markets where bad actors go undetected, or in some cases, may even be positively encouraged to act unethically, it does beg the question - can self-policing ever really work? Maybe the true legacy for Cambridge Analytica-gate will ultimately be vindicating GDPR. We can only hope others will follow in the EU’s footsteps.
Finally, as I’ve said, this shouldn’t be a moment of realization for Facebook alone. Rather, it’s a time for self-reckoning all over: the third-party relationships within Facebook’s social graph API are no different to the spider’s web of relationships that make up programmatic display.
Illuma country manager ANZ Lance Traore