While most focus is on Facebook’s travails in Washington, the real threat for Facebook looms in Europe. The General Data Protection Regulation kicks in May 25, and it is poised to change how Facebook targets ads.
If anything, the level of public scrutiny on Facebook, thanks to the Cambridge Analytica scandal, has solidified that fact and put the kibosh on questions about whether Facebook will sail unhampered through GDPR compliance. Facebook will no longer be able to process news feed posts for ad-targeting purposes, unless those posts are marked “public” or “friends of friends” because they tend to include what the GDPR defines as “special categories of data,” according to sources. Ethnicity, religious beliefs, political affiliation and sexual orientation are the kinds of data defined as special categories.
“This means that although Facebook is sitting on top of a trove of personal data, it will have to start offering a form of ad targeting that does not process these data points, unless it can get explicit consent,” said Johnny Ryan, head of ecosystem for ad tech firm PageFair. “In the wake of the Cambridge Analytica issue, it is unlikely that people will volunteer this consent.”
Facebook will release an update this morning on how it will address the special categories point, specifically covering how it will ask Facebook users to make choices about information on their profile.
The social platform is in the challenging position of being classified as a data controller and a data processor under GDPR law. So for certain tools like Facebook’s Lead Ads, which allow advertisers to collect information from users directly from mobile ads on Facebook, both Facebook and the businesses that use that tool are data controllers, meaning both parties are responsible for ensuring compliance. Whenever Facebook matches an advertiser’s customer-relationship management data to its user database to create a custom audience for a campaign, Facebook is classified as a data processor. Whereas for Audience Network, Facebook is the data controller and therefore shoulders the corresponding responsibilities to data subjects, such as access, so it will need consent to continue operating Audience Network.
Some publishers have long complained that getting consent from users will be easy for Facebook due to its massive pot of logged-in users. This has led publishers, particularly in Germany, to criticize European regulators for having inadvertently handed more advantage to the Facebook-Google duopoly via the GDPR and drafted ePrivacy Regulation.
But obtaining that consent may have just become harder for Facebook, thanks to the heightened awareness around how political consulting firm Cambridge Analytica amassed data about more than 50 million Facebook users without their consent.
“We’ll continue to hear negative press out of Europe in particular because of ways in which their [Facebook’s] products may be viewed by some as noncompliant,” said Brian Wieser, senior analyst at Pivotal Research, “and because the U.K. Parliament and European regulators are going to continue exploring fake news and political interference data leaks, and Facebook will remain as a focus because of the degree to which they have enabled these problems.”
Behind the scenes, Facebook may have been working hard on GDPR compliance, but the platform has been publicly vague about how it’s addressing the new law. “GDPR and the draft ePrivacy Regulation create significant risk to Facebook’s business of tracking consumers across the web,” said Jason Kint, CEO of publisher trade body Digital Content Next.
“For years, Facebook has dragged its feet on answering questions about its practices, including most recently regarding the Cambridge Analytica scandal,” Kint added. “And we’ve only heard opaque talking points from Facebook executives about their GDPR compliance plans. My message to our European colleagues is to not let Facebook slide, but to require Facebook leadership to testify under oath before European Parliament about how it intends to comply with the GDPR and specifically how it intends to ask consumers for consent to surveil them across the web.”
Since the news about the Cambridge Analytica scandal broke, Facebook CEO Mark Zuckerberg has been on a mission to emphasize to the general public just how seriously it takes data privacy, while also having to appear in front of Congress. “Facebook is now being forced down to properly lean into the spirit of the [GDPR],” said Ryan.
A Facebook spokesperson said: “Like other companies, we are actively preparing for the GDPR to ensure that our products and services comply. We’ve brought together hundreds of employees across product, engineering, legal, policy, design and research teams. We’re also developing resources that help other organizations build privacy into their services. For example, we built a microsite to help answer questions from our advertising partners, and we’re hosting workshops on data protection for small and medium businesses, as well as updates via our Newsroom and our Facebook Business blog. The Facebook family of apps already applies the core principles in the GDPR, which are transparency and control. And we’re building on this to make sure that we’re ready to fully comply by May 25.”
Under the GDPR, Facebook will neither be able to collect and use data for behaviorally targeting ads, nor bundle consent to serve personalized ads, but it does have other options. It could, for example, follow in Google’s footsteps and introduce nonpersonalized ad services that do not rely on individual users’ personal data to inform the targeting, which is what exposes everyone to risk under the GDPR. There are other ways of creating personalized audience segments that aren’t reliant on people’s personal information — and that’s good enough for many marketers, according to Ryan.
“Facebook has tremendous reach. If they weren’t allowed to mine the personal data on the news feed, what could you still do for advertisers? A lot,” said Ryan. “It can put in place more broad, contextual ads, as long as it isn’t using personal data. Then, you can give the advertiser reach and compliance. Right now, it is giving them reach and risk. CMOs need to reach segments; brands need segments. There is a big part of the industry which is all about performance and direct response, and there is space for that in future, but the big spenders have always wanted to reach their segments. So, can they in the future without handling personal data and in a safe way [on Facebook]? Yes, they can.”
Download Digiday’s guide to GDPR for checklists, research and much more you’ll need to know before May 25.
Member ExclusiveMedia Briefing: Publishers and media unions are still haggling over office-return plans heading into the summer
In this week's Media Briefing, senior media reporter Sara Guaglione reports on how unions at some major media companies are pushing back against publishers' return to office mandates, with The New York Times Guild seemingly netting a victory on Wednesday.
‘He thought I was accusing him of being racist’: Confessions of a comms pro on working with out of touch leadership
The [CEO] and one of the other co-founders felt the need to point out that they mentor black people and donate to black-focused charities. 'It wasn't about them, but they were making it about them.'
As economic uncertainty grows, senior media buyers expect decent upfront pricing options across linear and digital
TV sellers face a steeper uphill climb to sell billions of ad time in advance, as market indicators look increasingly gloomy. But that's not stopping one seller from seeking aggressive pricing and volume gains.
SponsoredHow marketers and retailers are unlocking the true value of retail media
Ben Kneen, senior director of product management, Xandr It’s a challenging time for retailers in the advertising industry. As they cope with supply chain woes and inflation-related pressures, they seek high-margin revenue streams amid evolving privacy regulations and massive shifts in identity solutions — including IDFA, the deprecation of third-party cookies and more. In light […]
How Microsoft plans to storm adland: ‘Attribution, CTV, in-game ads and potential M&A’
Microsoft Advertising VP Rob Wilk explains how it plans to burnish its $10bn ad business
Out of home fights for greater ad share as it cites better value on action taken by consumers
An OAAA study found that OOH is on par with other media in eliciting action from those consumers who recall seeing the ads. And since it's much less costly, it's a more effective means of influencing consumers.