Facebook was the subject of bombshell reports over the weekend. The revelations about Trump-linked Cambridge Analytica’s misuse of Facebook user data to sway voters in 2016 and Facebook’s failure to alert users could have bigger implications for the way most digital advertising is bought and sold.
For years, the digital ad industry has rebuffed most proposals to regulate ad targeting. The frequent mantra was that personally identifiable information isn’t used, no harm is done and, besides, the direct mail industry is far more invasive. In light of the spotlight being shone onto Cambridge Analytica, that approach probably won’t work.
“It’s the end of the chapter of the total Wild West, what’s-the-harm way of thinking,” said David Carroll, an ad tech expert at The New School who is suing Cambridge Analytica to obtain his data profile. “The whole line that ‘there’s no harm caused by this’ doesn’t stand anymore.”
Garden-variety ad targeting is the backbone of online advertising and is unlikely to go away entirely. The calls for stronger protections of people’s digital data have gotten louder, though, with the sweeping General Data Protection Regulation due to take effect in May. The FTC is now probing Facebook’s use of user data. Lawmakers in the U.S. and U.K. are calling for Facebook CEO Mark Zuckerberg to testify. Incidentally, Google searches for the term “internet privacy” and “What does Facebook know about me” spiked over the weekend.
Facebook’s role in the 2016 U.S. presidential election has now become a political football, with lawmakers increasingly up in arms. Ron Wyden, a Democratic senator from Oregon, has already sent a letter to Zuckerberg seeking answers. A lawmaker in the U.K. wants Zuckerberg to testify before a parliamentary committee. And the attorney general of Massachusetts is investigating. While many publishers, and not a few marketers, enjoy watching Facebook squirm, the overall risk goes up to the broader ecosystem when politicians are incentivized to “do something.” What that something would be is unclear, but regulation of ad targeting, once a fringe idea, is appearing far more possible.
“Technology innovation generally leads legislation, and we’re probably going to see some governance rules that protect all parties involved,” said Darren Herman, operating partner of Bain Capital. “Take the cue from GDPR in Europe. People should have user agency and authority, and that needs to be built into the ecosystem so that all parties have control. I do not think the world is going to end, but I do think the industry will have to button up a bit.”
The Honest Ads Act requiring traditional political ad disclosure rules be applied to digital media and projects that help people decide for themselves what data they want to share about themselves are a good start, said Alanna Gombert, CRO of MetaX, a blockchain tech company that supports personal data initiatives. “We have to revisit how we use data as an industry. We need a system like that as opposed to a backlash.”
A consumer and advertiser backlash against digital advertising is already underway, though. The number of devices using ad-blocking technology rose 30 percent in 2017. Google in turn introduced an ad-filtering version of Chrome earlier this year to weed out the most intrusive ads. Apple, the self-declared guardian of users’ privacy, started blocking ad targeting last fall on its Safari browser. Marketing giants Procter & Gamble and Unilever have pulled back online ad spending, questioning its efficacy.
“What things like this do is rock consumer trust in institutions like Facebook and in advertising companies, and trust is core to the success of this business,” said Rebecca Lieb, media industry analyst at Kaleido Insights. “It doesn’t help dissuade consumers from using ad blockers and protecting themselves from advertising.”
The appetite for tough privacy laws in the U.S. is weak, but the Facebook affair shows how, with the new GDPR law, people have much stronger online privacy protections in Europe and the U.K. than they do in the U.S., Carroll said. A GDPR-like law in the U.S. would have prevented the Facebook user data abuse because it would have required Facebook to notify people of the misuse within three days, which would have been a disincentive for Cambridge Analytics’ practice in the first place, he argued. “This scandal will teach Americans why the European system is superior,” he said.
Brendan Eich, co-founder of Mozilla and anti-ad tracking browser Brave, said he doesn’t expect a big rebellion by consumers over the Facebook scandal. He does predict that, similar to how the moves by tech giants Apple and Google had a ripple effect on online advertising, under the GDPR, which will require people to consent to have companies use their data for ad targeting, global marketers will shift away from tracking everywhere because it’s just going to be easier to market one way everywhere. “I think tracking will die hard,” he said.