Facebook will remove advertisers’ other third-party data option, but loopholes, questions remain

Then, Facebook notified agencies this week that it will shut down its “managed Custom Audiences” program that enabled advertisers to access third-party data from approved data providers, like Acxiom and Oracle, through Facebook-managed deals with those providers and then use that data to target their Facebook ads. That shutdown will take effect when Facebook rolls out the aforementioned data permissions tool, according to a Facebook spokesperson. Facebook will also remove the “audience data providers” specialty from its Facebook Marketing Partners program in connection to the broader shutdown, the spokesperson said.

“This is one of many steps we’re taking to provide additional safeguards and accountability in our ad products,” said Facebook in an emailed statement.

But as Facebook looks to lock down the outside data that’s available for ad targeting, loopholes linger that would allow advertisers to continue to use third-party data for ad targeting. And questions have arisen regarding whether Facebook’s primary motivation is protecting people’s privacy or its own liability.

“Brands and their agencies must now work directly with third-party data providers as opposed to working through a Facebook partner manager to develop and import these Custom Audiences, and the brand, not the data provider or Facebook, is liable and responsible for the ethical capture and use of these audiences,” said Michael Price, social media director at digital and CRM agency Ansira.

That Facebook would pass off the liability to advertisers now coincides with the European Union’s impending General Data Protection Regulation that takes effect on May 25. That law will require companies to offer people more controls and transparency regarding the data that companies about them and how that data is used, and it will levy hefty fines on the companies that fail to comply with it. By requiring advertisers to assume more liability over the data they connect into Facebook and to certify that they have the legal rights to that data, Facebook may hope to reduce its exposure to penalties, which can total up to four percent of a company’s annual global revenue. However there’s reason to wonder why then Facebook isn’t taking a stricter stance on advertisers’ use of outside data.

It’s unclear to what extent Facebook can definitively curb advertisers’ use of third-party data for ad targeting as well as what data will and will not still be available after Facebook completes its crackdown.

“If everybody’s plugging through this with loopholes, do they just close it off entirely? It starts getting to their intent of why they made this change in the first place. If it is to protect consumer privacy, then these loopholes aren’t necessarily protective of that mission. Or is it that they’re trying to protect business or PR?” said iCrossing chief media officer Jeff Ratner.

Facebook’s ongoing data lockdown is an attempt to clarify what information collected about individuals outside of Facebook’s walled garden can be used within it. But the haste with which Facebook seems to be imposing these new rules, following the recent Cambridge Analytica scandal, has left many ad buyers confused and with unanswered questions. Those questions range from the tactical (“What about offline transaction data?”) to the skeptical (“Is this more than a PR ploy?”) to the type that might be asked in a business major’s dorm room at 2 a.m. (“What even is first-party data?”)

The question of what qualifies as first-party data may sound ridiculous. But it is central to understanding the extent to which Facebook may or may not be able to keep in check the outside data used by advertisers on Facebook and the company’s prospects to “help improve people’s privacy on Facebook,” which Facebook cited as the reason for eliminating third-party data from its self-serve tool.

Usually, first-party data refers to information like email addresses that a brand may collect from people when they sign up for a loyalty program or purchase a product from the brand’s site. But brands can upload that data to data management platforms, where it can be combined with data that another company may have on a person.

“The same Acxiom data that I would have pumped straight through channels on Facebook, I can pump into my own DMP, append that to my data or take it as my data, and then push it into the platform. Is that going to pass their certification?” said Ratner.

“We’re waiting for Facebook to roll out in the coming months the definition of what that is,” said Son, referring to whether Facebook will approve of first-party data that has been attached with third-party data. “As of today, what we know is Facebook needs to provide more insight before we can really understand the impact.”

Or what about the data that retailers collect when people use a credit card to buy something in a brick-and-mortar store and then use to target ads on Facebook? The answer would seem to be straightforward. It’s first-party data because the retailer collects it directly from a person. But the way that information is then connected to a person’s Facebook account involves other parties.

“Whatever personal information you have that’s attached to your credit card, the purchaser’s bank is providing that information to Facebook to be able to determine the identity of that person. Generally, what they’ll end up getting is an email address and/or phone number. That’s what they’re using to match back to a Facebook profile of the user,” said Price. He noted that the information is hashed and anonymized during the process so that individuals’ identities are not revealed to the brand or to Facebook.

Under Facebook’s new policy on advertiser data permissions, are people made sufficiently aware that when they swipe their credit cards at the supermarket, they are not only handing over their money, but their data? And does the way that transaction data — a person’s name and their card number — is processed to be matched with a Facebook account complicate the first-party nature of the data?

“That conversation hasn’t really been had yet with Facebook,” said Stefanie Smith, senior director of paid social at iProspect.

Try as Facebook will to keep in check the outside data used to target ads on its site, it may fail in the same way it failed to prevent an app developer from passing data collected from Facebook on to Cambridge Analytica. Facebook will ask advertisers to certify they have permission for whatever outside data they use to target ads on Facebook. But Facebook may not be able to verify that claim, in the same way it did not verify Cambridge Analytica’s certification that it had deleted the data it improperly obtained on millions of Facebook users.

“There’s still so much gray area in terms of how Facebook is going to let us use data in the future,” said Ratner.

That uncertainty could result in Facebook gaining a stronger hand with advertisers because it would force them to be more reliant on Facebook’s own data in order to reach the people across its social network, Instagram and its ad network.

“It does wall off the garden even further than it already is,” said Ratner.

That could work against Facebook. Once Facebook firms up the changes and officially enacts them, ad buyers will monitor how they affect the performance and prices of their Facebook ads, said Smith. If the results are negative, advertisers could redirect some of their Facebook spend to the platforms that are more accommodating to outside data.

“I’m sure Google is saying, ‘Great, move your dollars back to us and our platforms,’” Ratner said.